Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-5063

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://tomcat.apache.o...
CONFIRM: http://tomcat.apache.o...
CONFIRM: http://tomcat.apache.o...
REDHAT: RHSA-2011:1845
SUSE: SUSE-SU-2012:0155
SUSE: openSUSE-SU-2012:0208
DEBIAN: DSA-2401
REDHAT: RHSA-2012:0074
REDHAT: RHSA-2012:0075
REDHAT: RHSA-2012:0076
REDHAT: RHSA-2012:0077
REDHAT: RHSA-2012:0078
REDHAT: RHSA-2012:0325
SECUNIA: 57126
CONFIRM: http://svn.apache.org/...
CONFIRM: http://svn.apache.org/...
CONFIRM: http://svn.apache.org/...
HP: HPSBST02955
MLIST: [tomcat-dev] 20190319 ...
MLIST: [tomcat-dev] 20190325 ...
MLIST: [tomcat-dev] 20200203 ...
MLIST: [tomcat-dev] 20200213 ...

Launchpad.net

CVE 2011-5063

Related bugs

References