The Vulnerability History Project

Fix CVE-2010-1157.

      Prevent possible disclosure of host name or IP address via the HTTP WWW-Authenticate header when using BASIC or DIGEST authentication.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc5.5.x/trunk@936541 13f79535-47bb-0310-9956-ffa450edef68

by Pauline the Wren 2010-04-21 22:13:26 UTC

commit 78e45a225c5c5564945191f7e421f8859885d63b

Tomcat

container/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java

-5

container/catalina/src/share/org/apache/catalina/authenticator/BasicAuthenticator.java

+3 -1

container/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java

+2 -1

container/webapps/docs/changelog.xml

-5

container/webapps/docs/realm-howto.xml

+1 -5

expand_less