From: bugzilla@apache.org
To: dev@tomcat.apache.org
Subject: [Bug 57573] New: Host Header Internal IP Address Disclosure
Date: Thu, 12 Feb 2015 04:27:20 +0000

https://issues.apache.org/bugzilla/show_bug.cgi?id=57573

            Bug ID: 57573
           Summary: Host Header Internal IP Address Disclosure
           Product: Tomcat 6
           Version: 6.0.4
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: 1599409001@qq.com

I upgraded my Tomcat server to 6.0.41. When I accessed the web site using
Chrome, there were some response headers in the developer tools, as below.
The security team said this was a risk and asked that the IP in the Location
parameter must be hidden. Would you like to correct the issue?

----------the response header from my web site----------------
Response Headers
Connection:Keep-alive
Content-Language:zh-CN
Content-Length:0
Content-Type:text/html;charset=UTF-8
Date:Thu, 12 Feb 2015 03:59:20 GMT
Keep-Alive:timeout=15, max=100
Location:http://218.201.202.225/seeyon/index.jsp
Server:Apache-Coyote/1.1
Via:1.1 ID-0001544136376125 uproxy-2

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
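
A check for the condition described in the report above, as an added example that is not part of the original message or of Tomcat's code: it parses a response-header block in the "Name:value" layout quoted in the report and flags any Location header whose host is an IP literal, noting whether the address is in a non-public range. The function names are hypothetical; the sample is the header block from the report.

```python
import ipaddress
from urllib.parse import urlsplit

# Response headers copied from the report (browser dev-tools "Name:value" layout).
SAMPLE = """\
Connection:Keep-alive
Content-Language:zh-CN
Content-Length:0
Content-Type:text/html;charset=UTF-8
Date:Thu, 12 Feb 2015 03:59:20 GMT
Keep-Alive:timeout=15, max=100
Location:http://218.201.202.225/seeyon/index.jsp
Server:Apache-Coyote/1.1
Via:1.1 ID-0001544136376125 uproxy-2
"""


def parse_headers(text):
    """Split each line on its first colon; header names are lower-cased."""
    headers = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit_location(text):
    """Return one finding per Location header whose host is an IP literal."""
    findings = []
    for value in parse_headers(text).get("location", []):
        try:
            host = urlsplit(value).hostname  # None for a relative redirect
            addr = ipaddress.ip_address(host) if host else None
        except ValueError:
            addr = None  # host is a DNS name or the URL is malformed
        if addr is None:
            continue
        findings.append({
            "location": value,
            "address": str(addr),
            # True for RFC 1918 and other special-purpose ranges (loopback, link-local)
            "private": addr.is_private,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_location(SAMPLE):
        print(finding)
```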