DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

OSVersionArchitecturePackageVersionFilename
Debian9alltomcat7< 7.0.75-1tomcat7_7.0.75-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	all	tomcat7	< 7.0.75-1	tomcat7_7.0.75-1_all.deb

cve 5

osv 6

ubuntucve 5

github 5

prion 5

openvas 33

suse 2

nessus 26

securityvulns 2

veracode 2

debiancve 4

redhat 10

oraclelinux 3

centos 2

tomcat 3

amazon 1

fedora 2

debian 1

ubuntu 1

f5 1

ibm 3

gentoo 1

cve

CVE-2011-5064

2012-01-14 21:55:00

CVE-2011-1184

2012-01-14 21:55:00

CVE-2012-5885

2012-11-17 19:55:00

osv

Use of Hard-coded Cryptographic Key in Apache Tomcat

2022-05-14 01:17:03

Authentication Bypass in Apache Tomcat

2022-05-14 01:17:02

Improper Access Control in Apache Tomcat

2022-05-17 00:57:35

ubuntucve

CVE-2011-5064

2012-01-14 00:00:00

CVE-2011-1184

2011-09-26 00:00:00

CVE-2011-5063

2012-01-14 00:00:00

github

Use of Hard-coded Cryptographic Key in Apache Tomcat

2022-05-14 01:17:03

Authentication Bypass in Apache Tomcat

2022-05-14 01:17:02

Improper Authentication in Apache Tomcat

2022-05-14 01:17:03

prion

Hardcoded credentials

2012-01-14 21:55:00

Authentication flaw

2012-01-14 21:55:00

Authentication flaw

2012-01-14 21:55:00

openvas

SUSE: Security Advisory (SUSE-SU-2012:0155-1)

2021-06-09 00:00:00

Apache Tomcat Multiple Security Bypass Vulnerabilities - Windows

2012-01-16 00:00:00

openSUSE: Security Advisory for tomcat6 (openSUSE-SU-2012:0208-1)

2012-08-02 00:00:00

suse

tomcat6: Fix multiple weaknesses in HTTP DIGESTS (important)

2012-02-09 19:09:55

Security update for tomcat6 (important)

2012-02-07 04:08:27

nessus

SuSE 11.1 Security Update : tomcat6 (SAT Patch Number 5759)

2012-02-07 00:00:00

openSUSE Security Update : tomcat6 (openSUSE-SU-2012:0208-1)

2014-06-13 00:00:00

Fedora 16 : tomcat6-6.0.35-1.fc16 (2012-7593)

2012-08-10 00:00:00

securityvulns

Apache Tomcat digest authentication vulnerabilities

2011-09-26 00:00:00

[SECURITY] CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication

2011-09-26 00:00:00

veracode

Authentication Bypass By Sniffing Valid Network Requests

2019-01-15 08:51:25

Authentication Bypass In The Replay-countermeasure Functionality

2019-01-15 09:00:03

debiancve

CVE-2011-1184

2012-01-14 21:55:00

CVE-2011-5062

2012-01-14 21:55:00

CVE-2011-5063

2012-01-14 21:55:00

redhat

(RHSA-2012:0041) Moderate: jbossweb security update

2012-01-19 17:20:26

(RHSA-2011:1780) Moderate: tomcat6 security and bug fix update

2011-12-05 00:00:00

(RHSA-2011:1845) Moderate: tomcat5 security update

2011-12-20 00:00:00

oraclelinux

tomcat6 security and bug fix update

2011-12-05 00:00:00

tomcat5 security update

2011-12-20 00:00:00

tomcat5 security update

2012-04-11 00:00:00

centos

tomcat5 security update

2011-12-20 19:18:57

tomcat6 security update

2011-12-22 16:00:12

tomcat

Fixed in Apache Tomcat 6.0.33

2011-08-18 00:00:00

Fixed in Apache Tomcat 7.0.12

2011-04-06 00:00:00

Fixed in Apache Tomcat 5.5.34

2011-09-22 00:00:00

amazon

Important: tomcat6

2011-12-02 22:21:00

fedora

[SECURITY] Fedora 16 Update: tomcat6-6.0.35-1.fc16

2012-08-09 23:11:34

[SECURITY] Fedora 15 Update: tomcat6-6.0.32-10.fc15

2011-11-10 17:33:27

debian

[SECURITY] [DSA 2401-1] tomcat6 security update

2012-02-02 19:29:50

ubuntu

Tomcat vulnerabilities

2011-11-08 00:00:00

K54891070 : Tomcat vulnerabilities CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887

2017-10-11 00:00:00

ibm

Security Bulletin: Storwize V7000 Unified V1.3.2.3 and V1.4.0.0 Include Fixes for Multiple Vendor Security Vulnerabilities

2022-09-26 04:23:14

Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator

2021-10-06 14:56:49

Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities

2022-09-26 04:23:14

gentoo

Apache Tomcat: Multiple vulnerabilities

2012-06-24 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Related for DEBIANCVE:CVE-2011-5064