CVSS2: 6.4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
EPSS: 0.637 Medium
Percentile: 97.9%
According to its self-reported version number, the instance of Apache Tomcat 6.0 listening on the remote host is prior to 6.0.28. It is, therefore, affected by multiple vulnerabilities:
If a web app is configured to use BASIC or DIGEST authentication and the 'realm-name' attribute is not configured in that web app's 'web.xml' file, the remote server's hostname or IP will be included in replies. (CVE-2010-1157)
An error exists in the handling of invalid values in the 'Transfer-Encoding' header of a request. An attacker can exploit this to cause a denial of service or to disclose sensitive information. (CVE-2010-2227)
Note that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.