CVE-2012-5886
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to...
Authentication flaw
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended...
CVE-2012-5885
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easi...
CVE-2012-5887
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended...
CVE-2012-5886
CVE-2012-5886 (Apache Tomcat) is an authentication bypass issue in the Digest Access Authentication implementation. It occurs because the HTTP Digest Auth stores information about the authenticated user in the session state, enabling remote attackers to bypass authentication by exploiting session...
CVE-2012-5887
Removed by vendor...
CVE-2012-5886
Removed by vendor...
CVE-2012-1184
Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header...
Stack overflow
Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header...
FreeBSD Ports: rubygem-actionpack
The remote host is missing an update to the system as announced in the referenced advisory. VID ae2fa87c-4bca-4138-8be1-67ce2a19b3a8 OpenVAS Vulnerability Test $ Description: Auto generated from VID ae2fa87c-4bca-4138-8be1-67ce2a19b3a8 Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...
Fedora 16 : tomcat6-6.0.35-1.fc16 (2012-7593)
Update to tomcat 6.0.35 CVE-2011-1184 multiple weaknesses in HTTP DIGEST authentication Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible witho...
SuSE Update for tomcat6 openSUSE-SU-2012:0208-1 (tomcat6)
Check for the Version of tomcat6 OpenVAS Vulnerability Test $Id: gbsuse201202081.nasl 8265 2018-01-01 06:29:23Z teissa $ SuSE Update for tomcat6 openSUSE-SU-2012:0208-1 tomcat6 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This progr...
Scientific Linux Security Update : tomcat6 on SL6.x
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. APR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and CVE-2011-2526 descriptions does not refer to APR provided by the apr packages. It refers to the implementation of APR provided by the...
Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web...
CentOS Update for tomcat6 CESA-2011:1780 centos6
Check for the Version of tomcat6 OpenVAS Vulnerability Test CentOS Update for tomcat6 CESA-2011:1780 centos6 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...