https://issues.apache.org/bugzilla/show_bug.cgi?id=57573
Bug ID: 57573
Summary: Host Header Internal IP Address Disclosure
Product: Tomcat 6
Version: 6.0.4
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: 1599409...@qq.com
I upgrade my tomcat server to 6.0.41, When accessed the web site using Chrome,
there is some response header in developer tools as below; The security team
said this was a risk and ask it must hide the IP in Parameter Location. Would
you like to correct the issue?
----------the response header from my web site----------------
Response Headersview source
Connection:Keep-alive
Content-Language:zh-CN
Content-Length:0
Content-Type:text/html;charset=UTF-8
Date:Thu, 12 Feb 2015 03:59:20 GMT
Keep-Alive:timeout=15, max=100
Location:http://218.201.202.225/seeyon/index.jsp
Server:Apache-Coyote/1.1
Via:1.1 ID-0001544136376125 uproxy-2
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
