Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability

info
discussion
exploit
solution
references

Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability

Apache Tomcat is prone to a remote information-disclosure vulnerability because the application fails to properly restrict access to sensitive information.

Remote attackers can exploit this issue to obtain confidential user-authentication credentials.

The issue affects Tomcat 5.5.20; prior versions may also be vulnerable.