Launchpad CVE tracker

CVE 2011-1184

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.

Related bugs and status

CVE-2011-1184 (Candidate) is related to these bugs:

Bug #843701: CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure

		In	Importance	Status
843701	CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure	tomcat6 (Ubuntu)	Undecided	Fix Released
843701	CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure	tomcat7 (Ubuntu)	Undecided	Fix Released
843701	CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure	tomcat6 (Ubuntu Hardy)	Undecided	Invalid
843701	CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure	tomcat7 (Ubuntu Hardy)	Undecided	Invalid
843701	CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure	tomcat6 (Ubuntu Lucid)	Undecided	Fix Released
843701	CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure	tomcat7 (Ubuntu Lucid)	Undecided	Invalid
843701	CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure	tomcat6 (Ubuntu Natty)	Undecided	Fix Released
843701	CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure	tomcat7 (Ubuntu Natty)	Undecided	Invalid
843701	CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure	tomcat6 (Ubuntu Maverick)	Undecided	Fix Released
843701	CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure	tomcat7 (Ubuntu Maverick)	Undecided	Invalid
843701	CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure	tomcat6 (Ubuntu Oneiric)	Undecided	Fix Released
843701	CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure	tomcat7 (Ubuntu Oneiric)	Undecided	Fix Released
843701	CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure	tomcat5.5 (Ubuntu)	Undecided	Invalid
843701	CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure	tomcat5.5 (Ubuntu Hardy)	Undecided	Fix Released
843701	CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure	tomcat5.5 (Ubuntu Lucid)	Undecided	Invalid
843701	CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure	tomcat5.5 (Ubuntu Maverick)	Undecided	Invalid
843701	CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure	tomcat5.5 (Ubuntu Natty)	Undecided	Invalid
843701	CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure	tomcat5.5 (Ubuntu Oneiric)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-1184

References