Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness

Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness

References:

Apache Tomcat Homepage (Apache)
Revision 747840 (markt)
Revision 781379 (markt)
Revision 781382 (markt)
[SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM (Mark Thomas )
[SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability wi (Mark Thomas )
VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release addre (VMware Security Team )
263529 (Sun)
Fix list for Webtop Version 2.1 (IBM)
HPSBUX02466 SSRT090192 rev.1 - HP-UX Running Tomcat Servlet Engine (HP)
HPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remot (HP)
IBM Rational Quality Manager V2.0.1 for Microsoft Windows and Linux (IBM)
RHSA-2009:1164 tomcat security update (Red Hat)
RHSA-2009:1506-1 tomcat6 security update (Red Hat)

Privacy Statement
Copyright 2010, SecurityFocus