What is CVE-2010-1157?

CVE-2010-1157 is a vulnerability in Apache Tomcat, classified under Information Disclosure. Published 2010-04-23.

Is CVE-2010-1157 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Apache Tomcat

CVE-2010-1157

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then rea…

Vulnerability class: Information Disclosure

EPSS: 0.525 (98.8th percentile) — read the EPSS interpretation.

Affected products

Apache Tomcat — versions 5.5.26, 6.0.15, 5.5.23
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

References

APPLE-SA-2011-10-12-3 (vendor-advisory, x_refsource_APPLE)
SUSE-SR:2010:017 (vendor-advisory, x_refsource_SUSE)
HPSBUX02579 (x_refsource_HP, vendor-advisory)
HPSBOV02762 (x_refsource_HP, vendor-advisory)
HPSBUX02860 (x_refsource_HP, vendor-advisory)
HPSBST02955 (x_refsource_HP, vendor-advisory)
39574 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
42368 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
43310 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
57126 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2010-1157?: CVE-2010-1157 is a vulnerability in Apache Tomcat, classified under Information Disclosure. Published 2010-04-23.
Is CVE-2010-1157 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.