|
Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
Attackers can use readily available tools to exploit this issue. The following example POST data is available: POST /j_security_check HTTP/1.1 Host: www.example.com j_username=tomcat&j_password=% |
|
|
Privacy Statement |
