The Vulnerability History Project

Fix CVE-2010-1157.

      Prevent possible disclosure of host name or IP address via the HTTP WWW-Authenticate header when using BASIC or DIGEST authentication.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@936539 13f79535-47bb-0310-9956-ffa450edef68

by Pauline the Wren 2010-04-21 22:11:29 UTC

commit a4de93b2aaf74fff7c1e194f7ce3d2228a9680b8

Tomcat Fix Watch Your Header CVE-2010-1157

java/org/apache/catalina/authenticator/AuthenticatorBase.java

java/org/apache/catalina/authenticator/BasicAuthenticator.java

+1 -3

java/org/apache/catalina/authenticator/DigestAuthenticator.java

+1 -2

webapps/docs/realm-howto.xml

+5 -1

expand_less