Versions of Tomcat 6.x earlier than 6.0.28 are potentially affected by multiple vulnerabilities:
The "WWW-Authenticate" HTTP header for BASIC and DIGEST authentication could potentially expose the local host name or IP address of the machine running Tomcat. (CVE-2010-1157)
Several flaws in handling of the "Transfer-Encoding" header exist that could prevent the recycling of a buffer. (CVE-2010-2227)