SynopsisThe remote web server is vulnerable to multiple attack vectors.
DescriptionVersions of Tomcat 6.x earlier than 6.0.28 are potentially affected by multiple vulnerabilities :
- The 'WWW-Authenticate' HTTP header for BASIC and DIGEST authentication could potentially expose the local host name or IP adddress of the machine running Tomcat. (CVE-2010-1157)
- Several flaws in handling of the 'Transfer-Encoding' header exist that could prevent the recycling of a buffer. (CVE-2010-2227)
SolutionUpgrade to Apache Tomcat 6.0.28 or later.