Published: 14/01/2012 Updated: 25/03/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.34, 6.x prior to 6.0.33, and 7.x prior to 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote malicious users to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache tomcat 5.5.10
apache tomcat 5.5.1
apache tomcat 5.5.6
apache tomcat 5.5.5
apache tomcat 5.5.16
apache tomcat 5.5.13
apache tomcat 5.5.26
apache tomcat 5.5.32
apache tomcat 5.5.28
apache tomcat 5.5.27
apache tomcat 5.5.4
apache tomcat 5.5.29
apache tomcat 5.5.14
apache tomcat 5.5.11
apache tomcat 5.5.12
apache tomcat 5.5.20
apache tomcat 5.5.21
apache tomcat 5.5.0
apache tomcat 5.5.25
apache tomcat 5.5.33
apache tomcat 5.5.7
apache tomcat 5.5.18
apache tomcat 5.5.15
apache tomcat 5.5.22
apache tomcat 5.5.23
apache tomcat 5.5.30
apache tomcat 5.5.9
apache tomcat 5.5.8
apache tomcat 5.5.31
apache tomcat 5.5.17
apache tomcat 5.5.24
apache tomcat 5.5.3
apache tomcat 5.5.19
apache tomcat 5.5.2
apache tomcat 6.0.30
apache tomcat 6.0
apache tomcat 6.0.28
apache tomcat 6.0.17
apache tomcat 6.0.18
apache tomcat 6.0.14
apache tomcat 6.0.6
apache tomcat 6.0.1
apache tomcat 6.0.0
apache tomcat 6.0.32
apache tomcat 6.0.24
apache tomcat 6.0.19
apache tomcat 6.0.16
apache tomcat 6.0.15
apache tomcat 6.0.9
apache tomcat 6.0.29
apache tomcat 6.0.27
apache tomcat 6.0.3
apache tomcat 6.0.12
apache tomcat 6.0.11
apache tomcat 6.0.26
apache tomcat 6.0.2
apache tomcat 6.0.10
apache tomcat 6.0.20
apache tomcat 6.0.7
apache tomcat 6.0.8
apache tomcat 6.0.5
apache tomcat 6.0.4
apache tomcat 6.0.13
apache tomcat 6.0.31
apache tomcat 7.0.0
apache tomcat 7.0.4
apache tomcat 7.0.6
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.7
apache tomcat 7.0.9
apache tomcat 7.0.11
apache tomcat 7.0.2
apache tomcat 7.0.8
apache tomcat 7.0.5
apache tomcat 7.0.3

Synopsis Important: jbossweb security update Type/Severity Security Advisory: Important Topic Updated jbossweb packages that fix multiple security issues are nowavailable for JBoss Enterprise Application Platform 512 for Red HatEnterprise Linux 4, 5, and 6The Red Hat Security Response Team has rated this ...

Synopsis Important: jbossweb security update Type/Severity Security Advisory: Important Topic Updated jbossweb packages that fix multiple security issues are nowavailable for JBoss Enterprise Web Platform 512 for Red Hat EnterpriseLinux 4, 5, and 6The Red Hat Security Response Team has rated this update ...

Synopsis Moderate: tomcat5 security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated tomcat5 packages that fix multiple security issues and two bugs arenow available for JBoss Enterprise Web Server 102 for Red HatEnterprise Linux 5 and 6The Red Hat Security Response Team has rat ...

Synopsis Moderate: tomcat6 security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated tomcat6 packages that fix multiple security issues and three bugsare now available for JBoss Enterprise Web Server 102 for Red HatEnterprise Linux 5 and 6The Red Hat Security Response Team has r ...

Synopsis Moderate: tomcat6 security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated tomcat6 packages that fix several security issues and one bug arenow available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity imp ...

Synopsis Moderate: tomcat5 security update Type/Severity Security Advisory: Moderate Topic Updated tomcat5 packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerabili ...

CWE-310 http://tomcat.apache.org/security-7.html http://tomcat.apache.org/security-5.html http://svn.apache.org/viewvc?view=rev&rev=1087655 http://svn.apache.org/viewvc?view=rev&rev=1159309 http://tomcat.apache.org/security-6.html http://svn.apache.org/viewvc?view=rev&rev=1158180 http://www.redhat.com/support/errata/RHSA-2011-1845.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html http://www.debian.org/security/2012/dsa-2401 http://rhn.redhat.com/errata/RHSA-2012-0074.html http://rhn.redhat.com/errata/RHSA-2012-0075.html http://rhn.redhat.com/errata/RHSA-2012-0325.html http://rhn.redhat.com/errata/RHSA-2012-0076.html http://rhn.redhat.com/errata/RHSA-2012-0078.html http://rhn.redhat.com/errata/RHSA-2012-0077.html http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://secunia.com/advisories/57126 https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2012:0074 http://tools.cisco.com/security/center/viewAlert.x?alertId=25076

CVE-2011-5064

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vendor Advisories

References

Vulmon Search

About

Products

Connect