304 matches found

Prion
added 2012/01/14 9:55 p.m. | 25 views

Authentication flaw

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the...

CVSS 5 | AI score 6.8 | EPSS 0.0854
Exploits 0 | References 26 | Affected Software 1

Prion
added 2012/01/14 9:55 p.m. | 23 views

Hardcoded credentials

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...

CVSS 4.3 | AI score 6.7 | EPSS 0.0854
Exploits 0 | References 22 | Affected Software 1

NVD
added 2012/01/14 9:55 p.m. | 21 views

CVE-2011-5064

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...

CVSS 4.3 | AI score 5.7 | EPSS 0.0657
Exploits 0 | References 22

NVD
added 2012/01/14 9:55 p.m. | 23 views

CVE-2011-1184

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the...

CVSS 5 | AI score 5.7 | EPSS 0.0854
Exploits 0 | References 26

NVD
added 2012/01/14 9:55 p.m. | 21 views

CVE-2011-5063

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weak...

CVSS 4.3 | AI score 5.9 | EPSS 0.06631
Exploits 0 | References 22

Cvelist
added 2012/01/14 9:0 p.m. | 26 views

CVE-2011-5062

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability th...

AI score 4.7 | EPSS 0.07628
Exploits 0 | References 22

Cvelist
added 2012/01/14 9:0 p.m. | 26 views

CVE-2011-5063

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weak...

AI score 5 | EPSS 0.06631
Exploits 0 | References 22

Cvelist
added 2012/01/14 9:0 p.m. | 23 views

CVE-2011-5064

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...

AI score 4.8 | EPSS 0.0657
Exploits 0 | References 22

CVE
added 2012/01/14 9:0 p.m. | 103 views

CVE-2011-5064

The vulnerability CVE-2011-5064 affects Apache Tomcat’s HTTP Digest Access Authentication (DigestAuthenticator.java) where Catalina is used as the hard-coded server secret (private key). Affected are Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12. This weakness enables remot...

CVSS 4.3 | AI score 4.6 | EPSS 0.0657
Exploits 0 | References 22 | Affected Software 1

CVE
added 2012/01/14 9:0 p.m. | 103 views

CVE-2011-5063

CVE-2011-5063 describes an issue in Apache Tomcat’s HTTP Digest Access Authentication where the realm values are not checked, enabling bypass of access controls by exploiting a protection space with weaker requirements (distinct from CVE-2011-1184). Related documents (CVE-2011-1184, CVE-2012-5885...

CVSS 4.3 | AI score 4.9 | EPSS 0.06631
Exploits 0 | References 22 | Affected Software 1

CVE
added 2012/01/14 9:0 p.m. | 100 views

CVE-2011-5062

CVE-2011-5062 affects Apache Tomcat’s HTTP Digest Access Authentication. The vulnerability arises because Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 do not check qop values, enabling remote attackers to bypass intended integrity protections via a qop=auth value. This is ...

CVSS 5 | AI score 4.6 | EPSS 0.07628
Exploits 0 | References 22 | Affected Software 1

Debian CVE
added 2012/01/14 9:0 p.m. | 33 views

CVE-2011-5063

Removed by vendor...

CVSS 4.3 | AI score 5 | EPSS 0.06631
Exploits 0

Debian CVE
added 2012/01/14 9:0 p.m. | 41 views

CVE-2011-5064

Removed by vendor...

CVSS 4.3 | AI score 5 | EPSS 0.0657
Exploits 0

Debian CVE
added 2012/01/14 9:0 p.m. | 33 views

CVE-2011-5062

Removed by vendor...

CVSS 5 | AI score 5 | EPSS 0.07628
Exploits 0

Debian CVE
added 2012/01/14 9:0 p.m. | 34 views

CVE-2011-1184

Removed by vendor...

CVSS 5 | AI score 5 | EPSS 0.0854
Exploits 0

Cvelist
added 2012/01/14 9:0 p.m. | 23 views

CVE-2011-1184

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the...

AI score 4.8 | EPSS 0.0854
Exploits 0 | References 26

OpenVAS
added 2011/12/23 12:0 a.m. | 40 views

RedHat Update for tomcat5 RHSA-2011:1845-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 5 | AI score 6.3 | EPSS 0.10228
Exploits 3 | References 2

OpenVAS
added 2011/12/23 12:0 a.m. | 37 views

CentOS Update for tomcat5 CESA-2011:1845 centos5 i386

Check for the Version of tomcat5 OpenVAS Vulnerability Test CentOS Update for tomcat5 CESA-2011:1845 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CVSS 5 | AI score 6.2 | EPSS 0.10228
Exploits 3 | References 2

OpenVAS
added 2011/12/23 12:0 a.m. | 30 views

RedHat Update for tomcat5 RHSA-2011:1845-01

Check for the Version of tomcat5 OpenVAS Vulnerability Test RedHat Update for tomcat5 RHSA-2011:1845-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 5 | AI score 6.2 | EPSS 0.10228
Exploits 3 | References 2

Tenable Nessus
added 2011/12/23 12:0 a.m. | 38 views

CentOS 6 : tomcat6 (CESA-2011:1780)

Updated tomcat6 packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

CVSS 7.5 | AI score 6.2 | EPSS 0.15226
Exploits 2 | References 8