tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 57573] New: Host Header Internal IP Address Disclosure
Date Thu, 12 Feb 2015 04:27:20 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=57573

            Bug ID: 57573
           Summary: Host Header Internal IP Address Disclosure
           Product: Tomcat 6
           Version: 6.0.4
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: 1599409001@qq.com

I upgrade my tomcat server to 6.0.41, When accessed the web site using Chrome,
there is some response header in developer tools as below; The security team
said this was a risk and ask it must hide the IP in Parameter Location. Would
you like to correct the issue?

----------the response header from my web site----------------
Response Headersview source
Connection:Keep-alive
Content-Language:zh-CN
Content-Length:0
Content-Type:text/html;charset=UTF-8
Date:Thu, 12 Feb 2015 03:59:20 GMT
Keep-Alive:timeout=15, max=100
Location:http://218.201.202.225/seeyon/index.jsp
Server:Apache-Coyote/1.1
Via:1.1 ID-0001544136376125 uproxy-2

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message