Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability

Apache Tomcat is prone to a remote information-disclosure vulnerability because the application fails to properly restrict access to sensitive information.

Remote attackers can exploit this issue to obtain confidential user-authentication credentials.

The issue affects Tomcat 5.5.20; prior versions may also be vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus