246 matches found
[SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-0580: Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.39 Tomcat 5.5.0 to 5.5.27 Tomcat 6.0.0 to 6.0.18 The unsupported Tomcat 3.x, 4.0.x and 5.0.x version...
Apache Tomcat表单认证用户名枚举漏洞
BUGTRAQ ID: 35196 CVECAN ID: CVE-2009-0580 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 由于某些认证类中的不充分错误检查,如果远程攻击者向Tomcat服务器提交了非法URL编码的口令就可能通过返回判断是否存在所请求的用户名。如果基于表单的认证(jsecuritycheck)使用了任意以下认证域就可以执行这种攻击: MemoryRealm DataSourceRealm JDBCRealm Apache Group Tomcat 6.0.x Apache Group Tomcat 5.5.x Apache Group...
Apache Tomcat 6.0.18 - Form Authentication ExistingNon-Existing Username Enumeration
Apache Tomcat 6.0.18 - Form Authentication ExistingNon-Existing Username Enumeration source: https://www.securityfocus.com/bid/35196/info Apache Tomcat is prone to a username-enumeration weakness because it displays different responses to login attempts, depending on whether or not the username...
Apache Tomcat 6.0.18 - Form Authentication Existing/Non-Existing 'Username' Enumeration
source: https://www.securityfocus.com/bid/35196/info Apache Tomcat is prone to a username-enumeration weakness because it displays different responses to login attempts, depending on whether or not the username exists. Attackers may exploit this weakness to discern valid usernames. This may aid...
HTTP login page
This script logs onto a web server through a login page and stores the authentication / session cookie. C Tenable Network Security, Inc. @PREFERENCES@ include"compat.inc"; ifdescription scriptid11149; scriptversion"1.37"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/09/29";...
Security Update for ISA Server 2006 Supportability Pack (KB 970811)
When publishing a Web server using forms-based authentication with Radius one-time password OTP as the credentials authority and Kerberos constrained delegation, it may be possible to bypass the form authentication and log on using invalid credentials...