Lucene search
K

26 matches found

RedHat Linux
RedHat Linux
added 2013/02/19 8:31 p.m.8 views

tomcat: three DIGEST authentication implementation issues

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...

5CVSS6.1AI score0.0898EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/02/19 8:29 p.m.5 views

tomcat: three DIGEST authentication implementation issues

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...

5CVSS6.1AI score0.0898EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2012/11/17 7:0 p.m.37 views

CVE-2012-5885

Removed by vendor...

5CVSS5.1AI score0.0898EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2012/01/31 10:56 p.m.6 views

tomcat: Multiple weaknesses in HTTP DIGEST authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the...

5CVSS6.2AI score0.0854EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2011/09/26 12:0 a.m.34 views

CVE-2011-1184

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the...

5CVSS6.3AI score0.0854EPSS
Exploits0References3
Apache Tomcat
Apache Tomcat
added 2011/09/22 12:0 a.m.53 views

Fixed in Apache Tomcat 5.5.34

Moderate: Multiple weaknesses in HTTP DIGEST authentication CVE-2011-1184 Note: Mitre elected to break this issue down into multiple issues and have allocated the following additional references to parts of this issue: CVE-2011-5062, CVE-2011-5063 and CVE-2011-5064. The Apache Tomcat security tea...

7.5CVSS6.6AI score0.15226EPSS
Exploits2Affected Software1
Rows per page
Query Builder