tomcat-users mailing list archives

From thulasiram k <ktr...@gmail.com>
Subject Help requested to fix the tomcat vulnerability
Date Tue, 05 Nov 2019 14:29:53 GMT
Hi,

We have installed Tomcat 7.0.94 on Windows 2016 and no SSL is enabled. But
during a Qualys scan we found the below vulnerability. Can you guide us on
how we can fix it?

1)
QID : 86763 - Web Server Uses Plain Text Basic Authentication
Impact : Using Readable Clear Text can help eavesdropping and thereby
compromise confidentiality.
An attacker can successfully exploit this issue when the 401 error is
returned when authentication is required. Also, an attacker can find out
that the Basic Authentication scheme is used using the WWW-authenticate
header.

I can see requests are redirecting to 8443 from server.xml:

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

Let me know if you have any suggestions.

Thanks
Ram
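
A configuration sketch for the finding described in the message above, added here as an example and not part of the original post or of any reply to it. It assumes the application uses container-managed BASIC authentication declared in its web.xml; the keystore path and password, the role name and the realm name are placeholders.

```xml
<!-- conf/server.xml: the existing HTTP connector from the message.
     redirectPort only names the target port; it does nothing until an
     HTTPS connector listens there and a constraint requires it. -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

<!-- conf/server.xml: HTTPS connector for port 8443 (Tomcat 7 syntax).
     keystoreFile and keystorePass are placeholders, not values from the message. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="PATH_TO_KEYSTORE" keystorePass="KEYSTORE_PASSWORD"
           clientAuth="false" sslProtocol="TLS" />

<!-- WEB-INF/web.xml of the protected application.
     Weak form: a security-constraint with an auth-constraint but no
     user-data-constraint, so the 401 Basic challenge is sent on port 8080.
     Corrected form below: transport-guarantee CONFIDENTIAL. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected area</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- hypothetical role name -->
    <role-name>appuser</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <!-- hypothetical realm name -->
  <realm-name>Example Realm</realm-name>
</login-config>
```

With the CONFIDENTIAL guarantee in place, Tomcat redirects a request that arrives on port 8080 to the redirectPort before it issues the authentication challenge, so the WWW-Authenticate header and the Base64-encoded credentials are exchanged only over TLS.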
