----------------------------------------------------------------------


  Secunia CSI
+ Microsoft SCCM
-----------------------
= Extensive Patch Management

http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/


----------------------------------------------------------------------

TITLE:
Apache Tomcat Authentication Header Information Disclosure

SECUNIA ADVISORY ID:
SA39574

VERIFY ADVISORY:
http://secunia.com/advisories/39574/

DESCRIPTION:
A security issue has been reported in Apache Tomcat, which can be
exploited by malicious people to disclose certain system
information.

The security issue is caused due to Tomcat using the local host name
or the IP address to generate the realm name if no "<realm-name>" is
specified for an application in web.xml. This can result in the
disclosure of the local host name or the IP address of the system
running Tomcat via a "WWW-Authenticate" HTTP header.

SOLUTION:
Fixed in the SVN repositories. The security issue will also be fixed
in upcoming versions 6.0.27 and 5.5.30.

Tomcat 6.0.x:
http://svn.apache.org/viewvc?view=rev&rev=936540

Tomcat 5.5.x:
http://svn.apache.org/viewvc?view=rev&rev=936541

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Deniz Cevik.

ORIGINAL ADVISORY:
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------