Candidate: CVE-2010-1157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow
remote attackers to discover the server's hostname or IP address by sending
a request for a resource that requires (1) BASIC or (2) DIGEST
authentication, and then reading the realm field in the WWW-Authenticate
mdeslaur> upstream patch changes the default realm name. This may have
mdeslaur> too great an impact on existing installations to be worthwhile
mdeslaur> backporting. Ignoring.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-1157
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=587447
upstream_tomcat5: needed
dapper_tomcat5: ignored (reached end-of-life)
upstream: http://svn.apache.org/viewvc?view=revision&revision=936541
upstream_tomcat5.5: released (5.5.30)
hardy_tomcat5.5: ignored
intrepid_tomcat5.5: needed (reached end-of-life)
jaunty_tomcat5.5: ignored
upstream: http://svn.apache.org/viewvc?view=revision&revision=936540
upstream_tomcat6: released (6.0.28)
intrepid_tomcat6: needed (reached end-of-life)
jaunty_tomcat6: ignored
karmic_tomcat6: ignored
lucid_tomcat6: ignored
devel_tomcat6: not-affected (6.0.28-2)