Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2011-5064

Опубликовано: 14 янв. 2012
Источник: ubuntu
Приоритет: medium
CVSS2: 4.3

Описание

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

РелизСтатусПримечание
devel

DNE

hardy

ignored

end of life
lucid

DNE

maverick

DNE

natty

DNE

oneiric

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

released

6.0.32-6ubuntu1
hardy

DNE

lucid

released

6.0.24-2ubuntu1.9
maverick

released

6.0.28-2ubuntu1.5
natty

released

6.0.28-10ubuntu2.2
oneiric

released

6.0.32-5ubuntu1.1
upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

not-affected

7.0.23-1
hardy

DNE

lucid

DNE

maverick

DNE

natty

DNE

oneiric

not-affected

7.0.21-1
upstream

needs-triage

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2011-5064

redhat
больше 13 лет назад

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

nvd логотип

CVE-2011-5064

nvd
больше 13 лет назад

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

debian логотип

CVE-2011-5064

debian
больше 13 лет назад

DigestAuthenticator.java in the HTTP Digest Access Authentication impl ...

github логотип

GHSA-6cr4-7c7p-p3xv

github
около 3 лет назад

Use of Hard-coded Cryptographic Key in Apache Tomcat

oracle-oval логотип

ELSA-2011-1845

oracle-oval
больше 13 лет назад

ELSA-2011-1845: tomcat5 security update (MODERATE)

4.3 Medium

CVSS2