VIR Vulnerability Intelligence Relay

CVE-2010-1157

low
Published 2010-04-23 · Modified 2023-11-08
CVSS v3
CVSS v2
2.6
VIR risk
2.6

Description

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.vupen.com/english/advisories/2010/3056

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.vupen.com/english/advisories/2010/0980

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://tomcat.apache.org/security-6.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://tomcat.apache.org/security-5.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://svn.apache.org/viewvc?view=revision&revision=936541

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://svn.apache.org/viewvc?view=revision&revision=936540

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/43310

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/42368

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/39574

Package impact
EcosystemPackageVulnerableFixed
java Mavenorg.apache.tomcat:tomcat>=5.5.0,<5.5.305.5.30
java Mavenorg.apache.tomcat:tomcat>=6.0.0,<6.0.286.0.28

Application impact
VendorProductVersionsFixed
apache apachetomcat6.0.0
apache apachetomcat5.5.0
apache apachetomcat5.5.1
apache apachetomcat5.5.2
apache apachetomcat5.5.3
apache apachetomcat5.5.4
apache apachetomcat5.5.5
apache apachetomcat5.5.6
apache apachetomcat5.5.7
apache apachetomcat5.5.8
apache apachetomcat5.5.9
apache apachetomcat5.5.10
apache apachetomcat5.5.11
apache apachetomcat5.5.12
apache apachetomcat5.5.13
apache apachetomcat5.5.14
apache apachetomcat5.5.15
apache apachetomcat5.5.16
apache apachetomcat5.5.17
apache apachetomcat5.5.18
apache apachetomcat5.5.19
apache apachetomcat5.5.20
apache apachetomcat5.5.21
apache apachetomcat5.5.22
apache apachetomcat5.5.23
apache apachetomcat5.5.24
apache apachetomcat5.5.25
apache apachetomcat5.5.26
apache apachetomcat5.5.27
apache apachetomcat5.5.28
apache apachetomcat5.5.29
apache apachetomcat6.0.1
apache apachetomcat6.0.2
apache apachetomcat6.0.3
apache apachetomcat6.0.4
apache apachetomcat6.0.5
apache apachetomcat6.0.6
apache apachetomcat6.0.7
apache apachetomcat6.0.8
apache apachetomcat6.0.9
apache apachetomcat6.0.10
apache apachetomcat6.0.11
apache apachetomcat6.0.12
apache apachetomcat6.0.13
apache apachetomcat6.0.14
apache apachetomcat6.0.15
apache apachetomcat6.0.16
apache apachetomcat6.0.17
apache apachetomcat6.0.18
apache apachetomcat6.0.19
apache apachetomcat6.0.20
apache apachetomcat6.0.24
apache apachetomcat6.0.26

References

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.