
Apache Tomcat 6.0.x < 6.0.28 Multiple Vulnerabilities

Description

According to its self-reported version number, the instance of Apache Tomcat 6.0 listening on the remote host is prior to 6.0.28. It is, therefore, affected by multiple vulnerabilities:

- If a web app is configured to use BASIC or DIGEST authentication and the 'realm-name' attribute is not configured in that web app's 'web.xml' file, the remote server's hostname or IP will be included in replies. (CVE-2010-1157)

- An error exists in the handling of invalid values in the 'Transfer-Encoding' header of a request. An attacker can exploit this to cause a denial of service or to disclose sensitive information. (CVE-2010-2227)

Note that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.

