The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
marc.info/?l=bugtraq&m=136485229118404&w=2
marc.info/?l=bugtraq&m=136612293908376&w=2
rhn.redhat.com/errata/RHSA-2013-0623.html
rhn.redhat.com/errata/RHSA-2013-0629.html
rhn.redhat.com/errata/RHSA-2013-0631.html
rhn.redhat.com/errata/RHSA-2013-0632.html
rhn.redhat.com/errata/RHSA-2013-0633.html
rhn.redhat.com/errata/RHSA-2013-0640.html
rhn.redhat.com/errata/RHSA-2013-0647.html
rhn.redhat.com/errata/RHSA-2013-0648.html
rhn.redhat.com/errata/RHSA-2013-0726.html
secunia.com/advisories/51371
svn.apache.org/viewvc?view=revision&revision=1377807
svn.apache.org/viewvc?view=revision&revision=1380829
svn.apache.org/viewvc?view=revision&revision=1392248
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
www-01.ibm.com/support/docview.wss?uid=swg21626891
www.securityfocus.com/bid/56403
www.ubuntu.com/usn/USN-1637-1
exchange.xforce.ibmcloud.com/vulnerabilities/80408
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19432