CVE-2010-1157
published 2010-04-23
CVE-2010-1157: Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request…
Priority P3 (35) · low · CVSS 2.0 score 2.6 · vector AV:N/AC:H/Au:N/C:P/I:N/A:N
Exploit · EPSS 52.51% (98.8th percentile)
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
Affected
58 affected ranges (vendor apache, product tomcat; individual version ranges and fixed-in values not rendered)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
Detection & IOCs (extracted from sources)
- Detect information disclosure by monitoring WWW-Authenticate response headers where the realm field contains a hostname or IP address and port (e.g. realm="<host>:<port>"), which indicates that no realm-name is configured in web.xml.
- Trigger condition: a client requests a resource that requires BASIC or DIGEST authentication and reads the realm field of the WWW-Authenticate header in the 401 reply, which reveals the internal hostname or IP.
- The vulnerable default realm is generated by Tomcat as request.getServerName() + ":" + request.getServerPort(); look for this pattern in 401 responses to identify unpatched instances.
- The vulnerability only applies when no realm-name is explicitly set in the login-config section of web.xml for applications using BASIC or DIGEST authentication.
- Configurations that already specify a realm-name in web.xml are not affected by this issue.
- The leak is only operationally significant in deployments where requests are proxied to internal Tomcat instances from a publicly accessible host, since it exposes the internal host:port.
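The following Python is an added example, not code from the page, from Apache Tomcat or from any of the quoted advisories. It puts the two checks above into one place for a defender: a scan over captured HTTP responses that flags 401 challenges whose realm has the host:port shape of Tomcat's default (request.getServerName() + ":" + request.getServerPort()), and a check of a web.xml deployment descriptor for a BASIC or DIGEST login-config with no realm-name, which is the configuration the Red Hat statement says to fix. The response tuples, the web.xml strings and the hostnames/addresses in them are constructed sample data; the regular expression assumes the leaked host is a DNS name, an IPv4 address or a bracketed IPv6 literal.

```python
import re
import xml.etree.ElementTree as ET

# Tomcat 5.5.x/6.0.x builds the default realm as
# request.getServerName() + ":" + request.getServerPort() when web.xml sets
# no <realm-name>, so a realm that parses as host:port is the indicator.
# Assumption: hosts are DNS names, IPv4 addresses or bracketed IPv6 literals.
HOST_PORT_REALM = re.compile(
    r'realm="(?P<host>[A-Za-z0-9.\-]+|\[[0-9A-Fa-f:]+\]):(?P<port>\d{1,5})"'
)


def realm_leaks_host(www_authenticate):
    """Return (host, port) when a Basic/Digest challenge uses the host:port
    default realm, otherwise None (other schemes and named realms are ignored)."""
    scheme = www_authenticate.strip().split(" ", 1)[0].lower()
    if scheme not in ("basic", "digest"):
        return None
    match = HOST_PORT_REALM.search(www_authenticate)
    if match is None:
        return None
    return match.group("host"), int(match.group("port"))


def scan_responses(responses):
    """responses: iterable of (request_line, status_code, headers dict).
    Returns [(request_line, (host, port))] for every 401 whose challenge
    leaks an internal host:port; non-401 replies are skipped."""
    findings = []
    for request_line, status, headers in responses:
        if status != 401:
            continue
        lowered = {k.lower(): v for k, v in headers.items()}
        challenge = lowered.get("www-authenticate")
        if not challenge:
            continue
        leak = realm_leaks_host(challenge)
        if leak is not None:
            findings.append((request_line, leak))
    return findings


def _local(tag):
    # Strip an XML namespace prefix such as {http://java.sun.com/xml/ns/javaee}
    return tag.rsplit("}", 1)[-1]


def login_configs_without_realm(web_xml):
    """Return the auth-method of each <login-config> in a web.xml that uses
    BASIC or DIGEST but sets no non-empty <realm-name>; an empty list means
    the descriptor already applies the realm-name workaround."""
    root = ET.fromstring(web_xml)
    missing = []
    for element in root.iter():
        if _local(element.tag) != "login-config":
            continue
        method, has_realm = None, False
        for child in element:
            name = _local(child.tag)
            if name == "auth-method":
                method = (child.text or "").strip().upper()
            elif name == "realm-name" and (child.text or "").strip():
                has_realm = True
        if method in ("BASIC", "DIGEST") and not has_realm:
            missing.append(method)
    return missing


# Constructed sample data (not captured from a real system).
SAMPLE_RESPONSES = [
    ("GET /manager/html HTTP/1.1", 401,
     {"WWW-Authenticate": 'Basic realm="app-node-01.internal:8080"'}),
    ("GET /manager/html HTTP/1.1", 401,
     {"WWW-Authenticate": 'Basic realm="Tomcat Manager Application"'}),
    ("GET /secure/ HTTP/1.1", 401,
     {"WWW-Authenticate": 'Digest realm="10.0.0.12:8443", nonce="abc123", qop="auth"'}),
    ("GET /public/ HTTP/1.1", 200, {}),
]

WEAK_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>
</web-app>"""

FIXED_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Protected Area</realm-name>
  </login-config>
</web-app>"""

if __name__ == "__main__":
    for request_line, (host, port) in scan_responses(SAMPLE_RESPONSES):
        print(f"{request_line}: realm leaks {host}:{port}")
    print("weak web.xml, methods lacking realm-name:", login_configs_without_realm(WEAK_WEB_XML))
    print("fixed web.xml, methods lacking realm-name:", login_configs_without_realm(FIXED_WEB_XML))
```

Run against your own reverse-proxy logs or a capture of the 401 challenges your edge returns; a hit means the internal Tomcat's host:port is being echoed to the client, and the fix is the realm-name element shown in FIXED_WEB_XML rather than any change on the proxy.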
CVSS provenance
nvd · v2.0 · 2.6 LOW · AV:N/AC:H/Au:N/C:P/I:N/A:N
vendor_redhat · 2.6 LOW
OSV
osv · 2022-05-02
CVE-2010-1157 [MEDIUM] Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
GHSA
ghsa · 2022-05-02
CVE-2010-1157 [MEDIUM] CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
VMware
vendor_vmware · 2011-02-10 · CVSS 5.0
CVE-2008-0085 [MEDIUM] VMSA-2011-0003: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (VMware Security Advisory)
CVE numbers:
CVEs: CVE-2008-0085, CVE-2008-0086, CVE-2008-0106, CVE-2008-0107, CVE-2008-3825, CVE-2008-5416, CVE-2009-1384, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2009-3555, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0008, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085,
Red Hat
vendor_redhat · 2010-04-21 · CVSS 2.6
CVE-2010-1157 [LOW] tomcat: information disclosure in authentication headers
Statement: The risks associated with fixing this flaw are greater than the low severity security risk. We therefore have no plans to fix this flaw. The information leak can be avoided by adjusting the configuration to always specify a realm-name.
Package: tomcat5 (Red Hat Enterprise Linux 5) - Will not fix
Package: tomcat6 (Red Hat Enterprise Linux 6) - Will not fix
No detection rules found.
Bugzilla
bugzilla · 2010-04-23 · CVSS 2.6
CVE-2010-1157 [LOW] tomcat: information disclosure in authentication headers [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=585331
Please note: this issue affect
Bugzilla
bugzilla · 2010-04-23 · CVSS 5.8
CVE-2009-2901 [MEDIUM] CVE-2009-2901 CVE-2009-2902 CVE-2009-2693 CVE-2010-1157 tomcat: multiple vulnerabilities [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=585331
Please note:
Bugzilla
bugzilla · 2010-04-23 · CVSS 2.6
CVE-2010-1157 [LOW] tomcat: information disclosure in authentication headers
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1157 to
the following vulnerability:
Name: CVE-2010-1157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157
Assigned: 20100329
Reference: BUGTRAQ:20100421 [SECURITY] CVE-2010-1157: Apache Tomcat information disclosure vulnerability
Reference: URL: http://www.securityfocus.com/archive/1/archive/1/510879/100/0/threaded
Reference: CONFIRM: http://tomcat.apache.org/security-5.html
Reference: CONFIRM: http://tomcat.apache.org/security-6.html
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might
allow remote attackers to discover the server's hostname or IP address
by sending a request for a resource that requires (1) BASIC or (2
References
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://marc.info/?l=bugtraq&m=129070310906557&w=2
- http://marc.info/?l=bugtraq&m=133469267822771&w=2
- http://marc.info/?l=bugtraq&m=136485229118404&w=2
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://secunia.com/advisories/39574
- http://secunia.com/advisories/42368
- http://secunia.com/advisories/43310
- http://secunia.com/advisories/57126
- http://support.apple.com/kb/HT5002
- http://svn.apache.org/viewvc?view=revision&revision=936540
- http://svn.apache.org/viewvc?view=revision&revision=936541
- http://tomcat.apache.org/security-5.html
- http://tomcat.apache.org/security-6.html
- http://www.debian.org/security/2011/dsa-2207
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:177
- http://www.redhat.com/support/errata/RHSA-2011-0896.html
- http://www.redhat.com/support/errata/RHSA-2011-0897.html
- http://www.securityfocus.com/archive/1/510879/100/0/threaded
- http://www.securityfocus.com/archive/1/516397/100/0/threaded
- http://www.securityfocus.com/bid/39635
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html
- http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
- http://www.vupen.com/english/advisories/2010/0980
- http://www.vupen.com/english/advisories/2010/3056
- https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19492
Published 2010-04-23