CVSS2: 2.6 Low

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

EPSS: 0.154 Low (Percentile 95.8%)

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow
remote attackers to discover the server's hostname or IP address by sending
a request for a resource that requires (1) BASIC or (2) DIGEST
authentication, and then reading the realm field in the WWW-Authenticate
header in the reply.
Author | Note |
---|---|
mdeslaur | upstream patch changes the default realm name. This may have too great an impact on existing installations to be worthwhile backporting. Ignoring. |
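
To check your own deployment for the exposure described above, the following added example (not code from Tomcat or from this advisory) parses `WWW-Authenticate` header values and flags any realm that looks like an IP address or hostname, optionally followed by `:port`. The `host[:port]` shape of the leaked realm is an assumption, the match is heuristic, and the sample headers are constructed.

```python
import ipaddress
import re

# realm="quoted-string" or realm=token inside a WWW-Authenticate header value
_REALM_RE = re.compile(r'\brealm\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))', re.I)
# Dotted DNS-style name (heuristic): two or more labels, no spaces
_HOST_RE = re.compile(r'^(?=.{1,253}$)[A-Za-z0-9-]{1,63}(?:\.[A-Za-z0-9-]{1,63})+$')
_LABEL_RE = re.compile(r'[A-Za-z0-9-]{1,63}')


def extract_realms(header_value):
    """Return every realm value found in one WWW-Authenticate header value."""
    return [re.sub(r'\\(.)', r'\1', quoted) if quoted else token
            for quoted, token in _REALM_RE.findall(header_value)]


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def realm_leaks_host(realm):
    """True if the realm looks like an IP or hostname, optionally with :port."""
    realm = realm.strip()
    host, _, port = realm.rpartition(":")
    has_port = bool(host) and port.isdigit()
    name = host.strip("[]") if has_port else realm
    if _is_ip(realm) or _is_ip(name) or _HOST_RE.match(name):
        return True
    # A single-label name such as "tomcat01" only counts when a port follows it
    return has_port and _LABEL_RE.fullmatch(name) is not None


def audit(headers):
    """Return (scheme, realm) pairs whose realm discloses a host or address."""
    findings = []
    for value in headers:
        if not value.strip():
            continue
        scheme = value.split(None, 1)[0]
        findings += [(scheme, r) for r in extract_realms(value) if realm_leaks_host(r)]
    return findings


# Constructed sample header values, not captured from a real server
SAMPLE = ['Basic realm="app01.internal.example:8080"',
          'Digest realm="10.0.3.17:8080", qop="auth", nonce="constructed"',
          'Basic realm="Authentication required"']
```

Feed `audit()` the `WWW-Authenticate` values returned by your own protected resources; a finding means the realm should be replaced with a fixed descriptive string.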