Lucene search

[email protected]CVE-2010-1157

HistoryApr 23, 2010 - 2:30 p.m.

CVE-2010-1157

2010-04-2314:30:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2010-1157

apache tomcat

server security

remote attack

authentication bypass

nvd

4.3 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.154 Low

EPSS

Percentile

95.8%

JSON

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server’s hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

CPENameOperatorVersion
apache:tomcatapache tomcateq5.5.27
apache:tomcatapache tomcateq5.5.18
apache:tomcatapache tomcateq5.5.12
apache:tomcatapache tomcateq5.5.14
apache:tomcatapache tomcateq5.5.10
apache:tomcatapache tomcateq5.5.4
apache:tomcatapache tomcateq5.5.7
apache:tomcatapache tomcateq5.5.1
apache:tomcatapache tomcateq5.5.11
apache:tomcatapache tomcateq5.5.28

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	5.5.27
apache:tomcat	apache tomcat	eq	5.5.18
apache:tomcat	apache tomcat	eq	5.5.12
apache:tomcat	apache tomcat	eq	5.5.14
apache:tomcat	apache tomcat	eq	5.5.10
apache:tomcat	apache tomcat	eq	5.5.4
apache:tomcat	apache tomcat	eq	5.5.7
apache:tomcat	apache tomcat	eq	5.5.1
apache:tomcat	apache tomcat	eq	5.5.11
apache:tomcat	apache tomcat	eq	5.5.28

Rows per page:

1-10 of 531

References

lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

marc.info/?l=bugtraq&m=129070310906557&w=2

marc.info/?l=bugtraq&m=133469267822771&w=2

marc.info/?l=bugtraq&m=136485229118404&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

secunia.com/advisories/39574

secunia.com/advisories/42368

secunia.com/advisories/43310

secunia.com/advisories/57126

support.apple.com/kb/HT5002

svn.apache.org/viewvc?view=revision&revision=936540

svn.apache.org/viewvc?view=revision&revision=936541

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

www.debian.org/security/2011/dsa-2207

www.mandriva.com/security/advisories?name=MDVSA-2010:176

www.mandriva.com/security/advisories?name=MDVSA-2010:177

www.redhat.com/support/errata/RHSA-2011-0896.html

www.redhat.com/support/errata/RHSA-2011-0897.html

www.securityfocus.com/archive/1/510879/100/0/threaded

www.securityfocus.com/archive/1/516397/100/0/threaded

www.securityfocus.com/bid/39635

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

www.vupen.com/english/advisories/2010/0980

www.vupen.com/english/advisories/2010/3056

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19492

4.3 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.154 Low

EPSS

Percentile

95.8%

JSON

Related for CVE-2010-1157

exploitpack1 openvas18 nessus20 osv1 securityvulns4 prion1 seebug3 freebsd1 ubuntucve1 github1 exploitdb1 tomcat2 redhat2 debian1 gentoo1 ibm1