CVE-2010-1157
Apache Tomcat <6.0.26 - Info Disclosure
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
Exploits (1)
exploitdb · WRITEUP · VERIFIED
by Deniz Cevik · text · remote · multiple
https://www.exploit-db.com/exploits/12343
References (32)
Scores
EPSS: 0.2165
EPSS Percentile: 95.7%
Details
CWE: CWE-200
Status: published
Products (50)
apache/tomcat 5.5.0
apache/tomcat 5.5.1
apache/tomcat 5.5.2
apache/tomcat 5.5.3
apache/tomcat 5.5.4
apache/tomcat 5.5.5
apache/tomcat 5.5.6
apache/tomcat 5.5.7
apache/tomcat 5.5.8
apache/tomcat 5.5.9
... and 40 more
Published: Apr 23, 2010
Tracked Since: Feb 18, 2026