7 High
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
68.9%
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
rhn.redhat.com/errata/RHSA-2012-0074.html
rhn.redhat.com/errata/RHSA-2012-0075.html
rhn.redhat.com/errata/RHSA-2012-0076.html
rhn.redhat.com/errata/RHSA-2012-0077.html
rhn.redhat.com/errata/RHSA-2012-0078.html
rhn.redhat.com/errata/RHSA-2012-0325.html
secunia.com/advisories/57126
svn.apache.org/viewvc?view=rev&rev=1087655
svn.apache.org/viewvc?view=rev&rev=1158180
svn.apache.org/viewvc?view=rev&rev=1159309
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
www.debian.org/security/2012/dsa-2401
www.redhat.com/support/errata/RHSA-2011-1845.html
lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
marc.info/?l=bugtraq&m=139344343412337&w=2