Published: 14/01/2012 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.34, 6.x prior to 6.0.33, and 7.x prior to 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote malicious users to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache tomcat 5.5.27
apache tomcat 5.5.18
apache tomcat 5.5.12
apache tomcat 5.5.14
apache tomcat 5.5.10
apache tomcat 5.5.4
apache tomcat 5.5.7
apache tomcat 5.5.1
apache tomcat 5.5.11
apache tomcat 5.5.28
apache tomcat 5.5.6
apache tomcat 5.5.26
apache tomcat 5.5.20
apache tomcat 5.5.15
apache tomcat 5.5.5
apache tomcat 5.5.30
apache tomcat 5.5.21
apache tomcat 5.5.22
apache tomcat 5.5.3
apache tomcat 5.5.32
apache tomcat 5.5.31
apache tomcat 5.5.9
apache tomcat 5.5.25
apache tomcat 5.5.33
apache tomcat 5.5.2
apache tomcat 5.5.0
apache tomcat 5.5.13
apache tomcat 5.5.24
apache tomcat 5.5.8
apache tomcat 5.5.16
apache tomcat 5.5.17
apache tomcat 5.5.29
apache tomcat 5.5.19
apache tomcat 5.5.23
apache tomcat 6.0.6
apache tomcat 6.0.11
apache tomcat 6.0.7
apache tomcat 6.0.4
apache tomcat 6.0.15
apache tomcat 6.0.20
apache tomcat 6.0.10
apache tomcat 6.0.31
apache tomcat 6.0.29
apache tomcat 6.0.3
apache tomcat 6.0.9
apache tomcat 6.0.24
apache tomcat 6.0.17
apache tomcat 6.0
apache tomcat 6.0.32
apache tomcat 6.0.28
apache tomcat 6.0.0
apache tomcat 6.0.14
apache tomcat 6.0.1
apache tomcat 6.0.12
apache tomcat 6.0.18
apache tomcat 6.0.5
apache tomcat 6.0.30
apache tomcat 6.0.2
apache tomcat 6.0.13
apache tomcat 6.0.26
apache tomcat 6.0.19
apache tomcat 6.0.27
apache tomcat 6.0.16
apache tomcat 6.0.8
apache tomcat 7.0.8
apache tomcat 7.0.1
apache tomcat 7.0.2
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 7.0.6
apache tomcat 7.0.11
apache tomcat 7.0.7
apache tomcat 7.0.10
apache tomcat 7.0.9
apache tomcat 7.0.4
apache tomcat 7.0.3

Synopsis Moderate: tomcat5 security update Type/Severity Security Advisory: Moderate Topic Updated tomcat5 packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerabili ...

Synopsis Moderate: tomcat6 security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated tomcat6 packages that fix several security issues and one bug arenow available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity imp ...

Synopsis Moderate: tomcat5 security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated tomcat5 packages that fix multiple security issues and two bugs arenow available for JBoss Enterprise Web Server 102 for Red HatEnterprise Linux 5 and 6The Red Hat Security Response Team has rat ...

Synopsis Important: jbossweb security update Type/Severity Security Advisory: Important Topic Updated jbossweb packages that fix multiple security issues are nowavailable for JBoss Enterprise Web Platform 512 for Red Hat EnterpriseLinux 4, 5, and 6The Red Hat Security Response Team has rated this update ...

Synopsis Moderate: tomcat6 security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated tomcat6 packages that fix multiple security issues and three bugsare now available for JBoss Enterprise Web Server 102 for Red HatEnterprise Linux 5 and 6The Red Hat Security Response Team has r ...

Synopsis Important: jbossweb security update Type/Severity Security Advisory: Important Topic Updated jbossweb packages that fix multiple security issues are nowavailable for JBoss Enterprise Application Platform 512 for Red HatEnterprise Linux 4, 5, and 6The Red Hat Security Response Team has rated this ...

CWE-310 http://tomcat.apache.org/security-7.html http://tomcat.apache.org/security-5.html http://svn.apache.org/viewvc?view=rev&rev=1087655 http://svn.apache.org/viewvc?view=rev&rev=1159309 http://tomcat.apache.org/security-6.html http://svn.apache.org/viewvc?view=rev&rev=1158180 http://www.redhat.com/support/errata/RHSA-2011-1845.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html http://www.debian.org/security/2012/dsa-2401 http://rhn.redhat.com/errata/RHSA-2012-0074.html http://rhn.redhat.com/errata/RHSA-2012-0075.html http://rhn.redhat.com/errata/RHSA-2012-0325.html http://rhn.redhat.com/errata/RHSA-2012-0076.html http://rhn.redhat.com/errata/RHSA-2012-0078.html http://rhn.redhat.com/errata/RHSA-2012-0077.html http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://secunia.com/advisories/57126 https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2011:1845

CVE-2011-5064

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect