CVE Vulnerabilities

CVE-2011-5064

Published: Jan 14, 2012 | Modified: Nov 07, 2023
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:P/I:N/A:N)

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses "Catalina" as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

Affected Software

Name Vendor Start Version End Version
Tomcat Apache 5.5.27 5.5.27
Tomcat Apache 5.5.18 5.5.18
Tomcat Apache 5.5.12 5.5.12
Tomcat Apache 5.5.14 5.5.14
Tomcat Apache 5.5.10 5.5.10
Tomcat Apache 5.5.4 5.5.4
Tomcat Apache 5.5.7 5.5.7
Tomcat Apache 5.5.1 5.5.1
Tomcat Apache 5.5.11 5.5.11
Tomcat Apache 5.5.28 5.5.28
Tomcat Apache 5.5.6 5.5.6
Tomcat Apache 5.5.26 5.5.26
Tomcat Apache 5.5.20 5.5.20
Tomcat Apache 5.5.15 5.5.15
Tomcat Apache 5.5.5 5.5.5
Tomcat Apache 5.5.30 5.5.30
Tomcat Apache 5.5.21 5.5.21
Tomcat Apache 5.5.22 5.5.22
Tomcat Apache 5.5.3 5.5.3
Tomcat Apache 5.5.32 5.5.32
Tomcat Apache 5.5.31 5.5.31
Tomcat Apache 5.5.9 5.5.9
Tomcat Apache 5.5.25 5.5.25
Tomcat Apache 5.5.33 5.5.33
Tomcat Apache 5.5.2 5.5.2
Tomcat Apache 5.5.0 5.5.0
Tomcat Apache 5.5.13 5.5.13
Tomcat Apache 5.5.24 5.5.24
Tomcat Apache 5.5.8 5.5.8
Tomcat Apache 5.5.16 5.5.16
Tomcat Apache 5.5.17 5.5.17
Tomcat Apache 5.5.29 5.5.29
Tomcat Apache 5.5.19 5.5.19
Tomcat Apache 5.5.23 5.5.23
