Lucene search

PRIOn knowledge basePRION:CVE-2010-1157

HistoryApr 23, 2010 - 2:30 p.m.

Authentication flaw

2010-04-2314:30:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.154 Low

EPSS

Percentile

95.7%

JSON

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server’s hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

CPENameOperatorVersion
tomcateq5.5.27
tomcateq5.5.18
tomcateq5.5.12
tomcateq5.5.14
tomcateq5.5.10
tomcateq5.5.4
tomcateq5.5.7
tomcateq5.5.1
tomcateq5.5.11
tomcateq5.5.28

Name	Operator	Version
tomcat	eq	5.5.27
tomcat	eq	5.5.18
tomcat	eq	5.5.12
tomcat	eq	5.5.14
tomcat	eq	5.5.10
tomcat	eq	5.5.4
tomcat	eq	5.5.7
tomcat	eq	5.5.1
tomcat	eq	5.5.11
tomcat	eq	5.5.28

Rows per page:

1-10 of 531

References

lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

secunia.com/advisories/39574

secunia.com/advisories/42368

secunia.com/advisories/43310

secunia.com/advisories/57126

support.apple.com/kb/HT5002

svn.apache.org/viewvc?view=revision&revision=936540

svn.apache.org/viewvc?view=revision&revision=936541

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

www.debian.org/security/2011/dsa-2207

www.mandriva.com/security/advisories?name=MDVSA-2010:176

www.mandriva.com/security/advisories?name=MDVSA-2010:177

www.redhat.com/support/errata/RHSA-2011-0896.html

www.redhat.com/support/errata/RHSA-2011-0897.html

www.securityfocus.com/archive/1/510879/100/0/threaded

www.securityfocus.com/archive/1/516397/100/0/threaded

www.securityfocus.com/bid/39635

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

www.vupen.com/english/advisories/2010/0980

www.vupen.com/english/advisories/2010/3056

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

marc.info/?l=bugtraq&m=129070310906557&w=2

marc.info/?l=bugtraq&m=133469267822771&w=2

marc.info/?l=bugtraq&m=136485229118404&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19492

7 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.154 Low

EPSS

Percentile

95.7%

JSON

Related for PRION:CVE-2010-1157