[Bug 57573] New: Host Header Internal IP Address Disclosure

bugzilla Wed, 11 Feb 2015 20:28:30 -0800

https://issues.apache.org/bugzilla/show_bug.cgi?id=57573


            Bug ID: 57573
           Summary: Host Header Internal IP Address Disclosure
           Product: Tomcat 6
           Version: 6.0.4
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: [email protected]
          Reporter: [email protected]

I upgrade my tomcat server to 6.0.41, When accessed the web site using Chrome,
there is some response header in developer tools as below; The security team
said this was a risk and ask it must hide the IP in Parameter Location. Would
you like to correct the issue?

----------the response header from my web site----------------
Response Headersview source
Connection:Keep-alive
Content-Language:zh-CN
Content-Length:0
Content-Type:text/html;charset=UTF-8
Date:Thu, 12 Feb 2015 03:59:20 GMT
Keep-Alive:timeout=15, max=100
Location:http://218.201.202.225/seeyon/index.jsp
Server:Apache-Coyote/1.1
Via:1.1 ID-0001544136376125 uproxy-2

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 57573] New: Host Header Internal IP Address Disclosure

Reply via email to