Metric | Value |
---|---|
CVSS2 score | 5 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
CVSS2 vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
EPSS | 0.003 Low |
EPSS Percentile | 69.2% |

Moderate: Multiple weaknesses in HTTP DIGEST authentication CVE-2011-1184
Note: Mitre elected to break this issue down into multiple issues and have allocated the following additional references to parts of this issue: CVE-2011-5062, CVE-2011-5063 and CVE-2011-5064. The Apache Tomcat security team will continue to treat this as a single issue using the reference CVE-2011-1184.
The implementation of HTTP DIGEST authentication was discovered to have several weaknesses:
The result of these weaknesses is that DIGEST authentication was only as secure as BASIC authentication.
This was fixed in revision 1158180.
This was identified by the Tomcat security team on 16 March 2011 and made public on 26 September 2011.
Affects: 6.0.0-6.0.32
Low: Information disclosure CVE-2011-2204
When using the MemoryUserDatabase (based on tomcat-users.xml) and creating users via JMX, an exception during the user creation process may trigger an error message in the JMX client that includes the user's password. This error message is also written to the Tomcat logs. User passwords are visible to administrators with JMX access and/or administrators with read access to the tomcat-users.xml file. Users that do not have these permissions but are able to read log files may be able to discover a user's password.
This was fixed in revision 1140071.
This was identified by Polina Genova on 14 June 2011 and made public on 27 June 2011.
Affects: 6.0.0-6.0.32
Low: Information disclosure CVE-2011-2526
Tomcat provides support for sendfile with the HTTP NIO and HTTP APR connectors. sendfile is used automatically for content served via the DefaultServlet and deployed web applications may use it directly via setting request attributes. These request attributes were not validated. When running under a security manager, this lack of validation allowed a malicious web application to do one or more of the following that would normally be prevented by a security manager:
Additionally, these vulnerabilities only occur when all of the following are true:
This was fixed in revision 1146703.
This was identified by the Tomcat security team on 7 July 2011 and made public on 13 July 2011.
Affects: 6.0.0-6.0.32
Important: Information disclosure CVE-2011-2729
Due to a bug in the capabilities code, jsvc (the service wrapper for Linux that is part of the Commons Daemon project) does not drop capabilities, allowing the application to access files and directories owned by superuser. This vulnerability only occurs when all of the following are true:
Affected Tomcat versions shipped with source files for jsvc that included this vulnerability.
This was fixed in revision 1153824.
This was identified by Wilfried Weissmann on 20 July 2011 and made public on 12 August 2011.
Affects: 6.0.30-6.0.32
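
A defender-side check for the condition described under CVE-2011-2729, added here as an example and not code from the Tomcat or Commons Daemon projects: it takes the text of `/proc/<pid>/status` for a process and reports whether a non-root process still holds Linux capabilities that bypass file permission checks. Flagging `CAP_DAC_OVERRIDE` and `CAP_DAC_READ_SEARCH` is an assumption about which capabilities matter here, the function names are hypothetical, and the sample status text is constructed.

```python
import re

# Assumption: these are the capabilities worth flagging. Bit numbers are from
# <linux/capability.h>; both let a process bypass file permission checks and
# so reach files and directories owned by root.
FILE_ACCESS_CAPS = {1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH"}
CAP_SETS = ("CapInh", "CapPrm", "CapEff")


def parse_status(text):
    """Return effective UID and capability bitmasks from /proc/<pid>/status text."""
    fields = dict(re.findall(r"^(\w+):[ \t]*(.+)$", text, re.MULTILINE))
    # The Uid line holds real, effective, saved and filesystem UIDs, in that order.
    euid = int(fields["Uid"].split()[1])
    masks = {name: int(fields[name], 16) for name in CAP_SETS if name in fields}
    return euid, masks


def retained_file_caps(text):
    """List (capability set, capability) pairs a non-root process still holds."""
    euid, masks = parse_status(text)
    if euid == 0:
        return []  # root holds these by design; nothing was meant to be dropped
    return [(name, cap)
            for name, mask in masks.items()
            for bit, cap in sorted(FILE_ACCESS_CAPS.items())
            if mask >> bit & 1]


# Constructed samples, not captured from a real host.
# 0x406 = bits 1, 2 and 10 (CAP_NET_BIND_SERVICE): file-access caps retained.
SAMPLE_NOT_DROPPED = """Name:\tjsvc
Uid:\t1001\t1001\t1001\t1001
CapInh:\t0000000000000000
CapPrm:\t0000000000000406
CapEff:\t0000000000000406
"""
# 0x400 = only bit 10 (CAP_NET_BIND_SERVICE) remains.
SAMPLE_DROPPED = SAMPLE_NOT_DROPPED.replace("0406", "0400")

if __name__ == "__main__":
    for label, sample in (("not dropped", SAMPLE_NOT_DROPPED),
                          ("dropped", SAMPLE_DROPPED)):
        print(label, retained_file_caps(sample))
```

On a live host the input would be the contents of `/proc/<pid>/status` for the Java process started by jsvc.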

Name | Operator | Version |
---|---|---|
apache tomcat | ge | 6.0.0 |
apache tomcat | ge | 6.0.30 |
apache tomcat | le | 6.0.32 |