CVE-2016-0762 Apache Tomcat Realm Timing Attack
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M9
Apache Tomcat 8.5.0 to 8.5.4
Apache Tomcat 8.0.0.RC1 to 8.0.36
Apache Tomcat 7.0.0 to 7.0.70
Apache Tomcat 6.0.0 to 6.0.45
Earlier
On 19/01/2010 09:30, Aihong Yin wrote:
> Hi,
>
> I'm using tomcat5.5 and my question is:
> is it possible to implement a realm to identify valid users of a web
> application: the username and password get from LDAP directory server
> central, and the role of the user get from a local file such as
Hi,
I'm using tomcat5.5 and my question is:
is it possible to implement a realm to identify valid users of a web
application: the username and password get from LDAP directory server
central, and the role of the user get from a local file such as
tomcat-user.xml without pasword instead.
best
,
passwords etc.) with tools like Apache Directory Studio.
Feedback from the Tomcat community is appreciated.
Thanks in advance + Greetings from Hamburg,
Stefan
--- Begin Message ---
Hi all,
I have "wrapped" ApacheDS 1.5.5 as an Apache Tomcat Realm.
Source code (a Maven2 project
