Description
ELSA-2013-0640: tomcat5 security update (IMPORTANT)
[0:5.5.23-0jpp.38]
- Resolves: CVE-2012-3439 rhbz#882008 three DIGEST authentication implementation
- Resolves: CVE-2012-3546, rhbz#913034 Bypass of security constraints.
- Remove unneeded handling of FORM authentication in RealmBase
Updated packages
Oracle Linux 5
Oracle Linux ia64
tomcat5 5.5.23-0jpp.38.el5_9
tomcat5-admin-webapps 5.5.23-0jpp.38.el5_9
tomcat5-common-lib 5.5.23-0jpp.38.el5_9
tomcat5-jasper 5.5.23-0jpp.38.el5_9
tomcat5-jasper-javadoc 5.5.23-0jpp.38.el5_9
tomcat5-jsp-2.0-api 5.5.23-0jpp.38.el5_9
tomcat5-jsp-2.0-api-javadoc 5.5.23-0jpp.38.el5_9
tomcat5-server-lib 5.5.23-0jpp.38.el5_9
tomcat5-servlet-2.4-api 5.5.23-0jpp.38.el5_9
tomcat5-servlet-2.4-api-javadoc 5.5.23-0jpp.38.el5_9
tomcat5-webapps 5.5.23-0jpp.38.el5_9
Oracle Linux x86_64
tomcat5 5.5.23-0jpp.38.el5_9
tomcat5-admin-webapps 5.5.23-0jpp.38.el5_9
tomcat5-common-lib 5.5.23-0jpp.38.el5_9
tomcat5-jasper 5.5.23-0jpp.38.el5_9
tomcat5-jasper-javadoc 5.5.23-0jpp.38.el5_9
tomcat5-jsp-2.0-api 5.5.23-0jpp.38.el5_9
tomcat5-jsp-2.0-api-javadoc 5.5.23-0jpp.38.el5_9
tomcat5-server-lib 5.5.23-0jpp.38.el5_9
tomcat5-servlet-2.4-api 5.5.23-0jpp.38.el5_9
tomcat5-servlet-2.4-api-javadoc 5.5.23-0jpp.38.el5_9
tomcat5-webapps 5.5.23-0jpp.38.el5_9
Oracle Linux i386
tomcat5 5.5.23-0jpp.38.el5_9
tomcat5-admin-webapps 5.5.23-0jpp.38.el5_9
tomcat5-common-lib 5.5.23-0jpp.38.el5_9
tomcat5-jasper 5.5.23-0jpp.38.el5_9
tomcat5-jasper-javadoc 5.5.23-0jpp.38.el5_9
tomcat5-jsp-2.0-api 5.5.23-0jpp.38.el5_9
tomcat5-jsp-2.0-api-javadoc 5.5.23-0jpp.38.el5_9
tomcat5-server-lib 5.5.23-0jpp.38.el5_9
tomcat5-servlet-2.4-api 5.5.23-0jpp.38.el5_9
tomcat5-servlet-2.4-api-javadoc 5.5.23-0jpp.38.el5_9
tomcat5-webapps 5.5.23-0jpp.38.el5_9
Related CVEs
Related vulnerabilities
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
The HTTP Digest Access Authentication implementation in Apache Tomcat ...