Lucene search
+L

959 matches found

RedHat Linux
RedHat Linux
added 2011/12/05 5:39 p.m.12 views

tomcat: Multiple weaknesses in HTTP DIGEST authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weak...

4.3CVSS6.1AI score0.06631EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2011/12/05 5:39 p.m.8 views

tomcat: Multiple weaknesses in HTTP DIGEST authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the...

5CVSS6.2AI score0.0854EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2011/12/05 5:39 p.m.48 views

Moderate: Red Hat Security Advisory: tomcat6 security and bug fix update

Updated tomcat6 packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

7.5CVSS6.4AI score0.15226EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2011/11/09 12:0 a.m.37 views

Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : tomcat6 vulnerabilities (USN-1252-1)

It was discovered that Tomcat incorrectly implemented HTTP DIGEST authentication. An attacker could use this flaw to perform a variety of authentication attacks. CVE-2011-1184 Polina Genova discovered that Tomcat incorrectly created log entries with passwords when encountering errors during JMX...

7.5CVSS5.7AI score0.15226EPSS
Exploits2References5
OpenVAS
OpenVAS
added 2011/10/21 12:0 a.m.38 views

Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)

Check for the Version of tomcat5 OpenVAS Vulnerability Test Mandriva Update for tomcat5 MDVSA-2011:156 tomcat5 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

7.5CVSS6.2AI score0.15226EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2011/10/19 12:0 a.m.44 views

Mandriva Linux Security Advisory : tomcat5 (MDVSA-2011:156)

Multiple vulnerabilities has been discovered and corrected in tomcat 5.5.x : The implementation of HTTP DIGEST authentication in tomcat was discovered to have several weaknesses CVE-2011-1184. Apache Tomcat, when the MemoryUserDatabase is used, creates log entries containing passwords upon...

7.5CVSS5.6AI score0.15226EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2011/09/26 12:0 a.m.47 views

Apache Tomcat 5.5.x < 5.5.34 Multiple Vulnerabilities

According to its self-reported version number, the instance of Apache Tomcat 5.5.x listening on the remote host is prior to 5.5.34. It is, there, affected by multiple vulnerabilities : - Several weaknesses were found in the HTTP Digest authentication implementation. The issues are as follows:...

7.5CVSS6.1AI score0.15226EPSS
Exploits2References9
securityvulns
securityvulns
added 2011/09/26 12:0 a.m.80 views

[SECURITY] CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.11 - - Tomcat 6.0.0 to 6.0.32 - - Tomcat 5.5.0 to 5.5.33 - - Earlier,...

5CVSS0.3AI score0.0854EPSS
Exploits0
securityvulns
securityvulns
added 2011/09/26 12:0 a.m.60 views

Apache Tomcat digest authentication vulnerabilities

Multiple implementation errors make authentication vulnerable to different attacks...

5CVSS5.4AI score0.0854EPSS
Exploits0References1Affected Software1
Apache Tomcat
Apache Tomcat
added 2011/09/22 12:0 a.m.57 views

Fixed in Apache Tomcat 5.5.34

Moderate: Multiple weaknesses in HTTP DIGEST authentication CVE-2011-1184 Note: Mitre elected to break this issue down into multiple issues and have allocated the following additional references to parts of this issue: CVE-2011-5062, CVE-2011-5063 and CVE-2011-5064. The Apache Tomcat security tea...

7.5CVSS6.6AI score0.15226EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2011/08/30 12:0 a.m.51 views

Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities

According to its self-reported version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.33. It is, therefore, affected by multiple vulnerabilities : - Several weaknesses were found in the HTTP Digest authentication implementation. The issues are as follows:...

5CVSS5.8AI score0.0854EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2011/08/18 12:0 a.m.8 views

PT-2011-2926 · Apache +4 · Apache Tomcat +4

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 5.5.x through 5.5.33 Apache Tomcat versions 6.x through 6.0.32 Apache Tomcat versions 7.x through 7.0.11 Description: The issue concerns the HTTP Digest Access Authentication implementation, which lacks proper...

7.5CVSS5.7AI score0.9444EPSS
Exploits38References100
RedHat Linux
RedHat Linux
added 2011/06/22 11:31 p.m.6 views

tomcat: information disclosure in authentication headers

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires 1 BASIC or 2 DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the rep...

2.6CVSS6.1AI score0.52507EPSS
Exploits6References4
RedHat Linux
RedHat Linux
added 2011/06/22 11:14 p.m.7 views

tomcat: information disclosure in authentication headers

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires 1 BASIC or 2 DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the rep...

2.6CVSS6.1AI score0.52507EPSS
Exploits6References4
Tenable Nessus
Tenable Nessus
added 2011/04/07 12:0 a.m.34 views

Apache Tomcat 7.0.x < 7.0.12 Multiple Vulnerabilities

Binary data 5882.pasl...

5.8CVSS4.9AI score0.06156EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2010/08/02 8:18 p.m.6 views

tomcat: information disclosure in authentication headers

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires 1 BASIC or 2 DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the rep...

2.6CVSS6.1AI score0.52507EPSS
Exploits6References4
Positive Technologies
Positive Technologies
added 2010/04/23 12:0 a.m.10 views

PT-2010-2872 · Apache +1 · Apache Tomcat +1

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 5.5.0 through 5.5.29 Apache Tomcat versions 6.0.0 through 6.0.26 Description: The issue allows remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires either...

7.5CVSS5.3AI score0.9444EPSS
Exploits38References86
0day.today
0day.today
added 2010/04/22 12:0 a.m.37 views

Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure

Exploit for multiple platform in category remote exploits ======================================================================================= Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure vulnerability...

7.1AI score0.52507EPSS
Exploits6
exploitpack
exploitpack
added 2010/04/22 12:0 a.m.118 views

Apache Tomcat 5.5.0 5.5.29 6.0.0 6.0.26 - Information Disclosure

Apache Tomcat 5.5.0 5.5.29 6.0.0 6.0.26 - Information Disclosure CVE-2010-1157: Apache Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 6.0.0 to 6.0.26 - - Tomcat 5.5.0 to 5.5.29 Note: The unsupported Tomcat 3.x, 4.x an...

2.6CVSS5AI score0.52507EPSS
Exploits6
FreeBSD
FreeBSD
added 2010/04/22 12:0 a.m.53 views

tomcat -- information disclosure vulnerability

The Apache software foundation reports: The "WWW-Authenticate" header for BASIC and DIGEST authentication includes a realm name. If a element is specified for the application in web.xml it will be used. However, a is not specified then Tomcat will generate one. In some circumstances this can expo...

2.6CVSS6.2AI score0.52507EPSS
Exploits6References1
Rows per page
Query Builder