959 matches found
tomcat: Multiple weaknesses in HTTP DIGEST authentication
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weak...
tomcat: Multiple weaknesses in HTTP DIGEST authentication
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the...
Moderate: Red Hat Security Advisory: tomcat6 security and bug fix update
Updated tomcat6 packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : tomcat6 vulnerabilities (USN-1252-1)
It was discovered that Tomcat incorrectly implemented HTTP DIGEST authentication. An attacker could use this flaw to perform a variety of authentication attacks. CVE-2011-1184 Polina Genova discovered that Tomcat incorrectly created log entries with passwords when encountering errors during JMX...
Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)
Check for the Version of tomcat5 OpenVAS Vulnerability Test Mandriva Update for tomcat5 MDVSA-2011:156 tomcat5 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Mandriva Linux Security Advisory : tomcat5 (MDVSA-2011:156)
Multiple vulnerabilities has been discovered and corrected in tomcat 5.5.x : The implementation of HTTP DIGEST authentication in tomcat was discovered to have several weaknesses CVE-2011-1184. Apache Tomcat, when the MemoryUserDatabase is used, creates log entries containing passwords upon...
Apache Tomcat 5.5.x < 5.5.34 Multiple Vulnerabilities
According to its self-reported version number, the instance of Apache Tomcat 5.5.x listening on the remote host is prior to 5.5.34. It is, there, affected by multiple vulnerabilities : - Several weaknesses were found in the HTTP Digest authentication implementation. The issues are as follows:...
[SECURITY] CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.11 - - Tomcat 6.0.0 to 6.0.32 - - Tomcat 5.5.0 to 5.5.33 - - Earlier,...
Apache Tomcat digest authentication vulnerabilities
Multiple implementation errors make authentication vulnerable to different attacks...
Fixed in Apache Tomcat 5.5.34
Moderate: Multiple weaknesses in HTTP DIGEST authentication CVE-2011-1184 Note: Mitre elected to break this issue down into multiple issues and have allocated the following additional references to parts of this issue: CVE-2011-5062, CVE-2011-5063 and CVE-2011-5064. The Apache Tomcat security tea...
Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities
According to its self-reported version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.33. It is, therefore, affected by multiple vulnerabilities : - Several weaknesses were found in the HTTP Digest authentication implementation. The issues are as follows:...
PT-2011-2926 · Apache +4 · Apache Tomcat +4
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 5.5.x through 5.5.33 Apache Tomcat versions 6.x through 6.0.32 Apache Tomcat versions 7.x through 7.0.11 Description: The issue concerns the HTTP Digest Access Authentication implementation, which lacks proper...
tomcat: information disclosure in authentication headers
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires 1 BASIC or 2 DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the rep...
tomcat: information disclosure in authentication headers
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires 1 BASIC or 2 DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the rep...
Apache Tomcat 7.0.x < 7.0.12 Multiple Vulnerabilities
Binary data 5882.pasl...
tomcat: information disclosure in authentication headers
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires 1 BASIC or 2 DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the rep...
PT-2010-2872 · Apache +1 · Apache Tomcat +1
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 5.5.0 through 5.5.29 Apache Tomcat versions 6.0.0 through 6.0.26 Description: The issue allows remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires either...
Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure
Exploit for multiple platform in category remote exploits ======================================================================================= Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure vulnerability...
Apache Tomcat 5.5.0 5.5.29 6.0.0 6.0.26 - Information Disclosure
Apache Tomcat 5.5.0 5.5.29 6.0.0 6.0.26 - Information Disclosure CVE-2010-1157: Apache Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 6.0.0 to 6.0.26 - - Tomcat 5.5.0 to 5.5.29 Note: The unsupported Tomcat 3.x, 4.x an...
tomcat -- information disclosure vulnerability
The Apache software foundation reports: The "WWW-Authenticate" header for BASIC and DIGEST authentication includes a realm name. If a element is specified for the application in web.xml it will be used. However, a is not specified then Tomcat will generate one. In some circumstances this can expo...