Lucene search
K

246 matches found

securityvulns
securityvulns
added 2009/06/05 12:0 a.m.138 views

[SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-0580: Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.39 Tomcat 5.5.0 to 5.5.27 Tomcat 6.0.0 to 6.0.18 The unsupported Tomcat 3.x, 4.0.x and 5.0.x version...

4.3CVSS4.9AI score0.9444EPSS
Exploits4
seebug.org
seebug.org
added 2009/06/05 12:0 a.m.115 views

Apache Tomcat表单认证用户名枚举漏洞

BUGTRAQ ID: 35196 CVECAN ID: CVE-2009-0580 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 由于某些认证类中的不充分错误检查,如果远程攻击者向Tomcat服务器提交了非法URL编码的口令就可能通过返回判断是否存在所请求的用户名。如果基于表单的认证(jsecuritycheck)使用了任意以下认证域就可以执行这种攻击: MemoryRealm DataSourceRealm JDBCRealm Apache Group Tomcat 6.0.x Apache Group Tomcat 5.5.x Apache Group...

4.3CVSS5.2AI score0.9444EPSS
Exploits4
exploitpack
exploitpack
added 2009/06/03 12:0 a.m.8 views

Apache Tomcat 6.0.18 - Form Authentication ExistingNon-Existing Username Enumeration

Apache Tomcat 6.0.18 - Form Authentication ExistingNon-Existing Username Enumeration source: https://www.securityfocus.com/bid/35196/info Apache Tomcat is prone to a username-enumeration weakness because it displays different responses to login attempts, depending on whether or not the username...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/06/03 12:0 a.m.37 views

Apache Tomcat 6.0.18 - Form Authentication Existing/Non-Existing 'Username' Enumeration

source: https://www.securityfocus.com/bid/35196/info Apache Tomcat is prone to a username-enumeration weakness because it displays different responses to login attempts, depending on whether or not the username exists. Attackers may exploit this weakness to discern valid usernames. This may aid...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2002/10/26 12:0 a.m.6428 views

HTTP login page

This script logs onto a web server through a login page and stores the authentication / session cookie. C Tenable Network Security, Inc. @PREFERENCES@ include"compat.inc"; ifdescription scriptid11149; scriptversion"1.37"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/09/29";...

5.4AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.24 views

Security Update for ISA Server 2006 Supportability Pack (KB 970811)

When publishing a Web server using forms-based authentication with Radius one-time password OTP as the credentials authority and Kerberos constrained delegation, it may be possible to bypass the form authentication and log on using invalid credentials...

2.3AI score
Exploits0
Rows per page
Query Builder