CVE-2011-1184

Source: ubuntu.com (UB:CVE-2011-1184)
Published: Sep 26, 2011

CVSS2: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

EPSS: 0.002 (Percentile: 55.4%)

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x
before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the
expected countermeasures against replay attacks, which makes it easier for
remote attackers to bypass intended access restrictions by sniffing the
network for valid requests, related to lack of checking of nonce (aka
server nonce) and nc (aka nonce-count or client nonce count) values.
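
An added illustration, not Tomcat's code and not part of the advisory: the two server-side checks the description says were missing, namely that the nonce was issued by this server and is still fresh, and that nc strictly increases for each nonce. The class name, the nonce layout and the 300-second lifetime are assumptions; verification of the digest `response` value itself is omitted.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL = 300  # seconds a server nonce stays valid (assumed policy)


class DigestReplayGuard:  # hypothetical name, for illustration only
    def __init__(self, key=None, clock=time.time):
        self._key = key or secrets.token_bytes(32)
        self._clock = clock
        self._last_nc = {}  # nonce -> highest nonce-count accepted so far

    def _mac(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def issue_nonce(self):
        # timestamp:random:HMAC lets the server recognise and age its own nonces
        body = f"{int(self._clock())}:{secrets.token_hex(8)}"
        return f"{body}:{self._mac(body)}"

    def check(self, nonce, nc_hex):
        """Return 'ok', 'stale' (send a fresh challenge) or 'reject'."""
        parts = nonce.split(":")
        if len(parts) != 3:
            return "reject"
        body = f"{parts[0]}:{parts[1]}"
        if not hmac.compare_digest(self._mac(body).encode(), parts[2].encode()):
            return "reject"  # not a nonce this server issued
        if self._clock() - int(parts[0]) > NONCE_TTL:
            self._last_nc.pop(nonce, None)
            return "stale"   # expired nonce: client must re-authenticate
        try:
            nc = int(nc_hex, 16)  # nc is sent as 8 hex digits
        except ValueError:
            return "reject"
        if nc <= self._last_nc.get(nonce, 0):
            return "reject"  # nc repeated or went backwards: replayed request
        self._last_nc[nonce] = nc
        return "ok"


def replay_demo():
    # Constructed scenario: one request, the same request resent, then the next nc.
    guard = DigestReplayGuard()
    nonce = guard.issue_nonce()
    return [guard.check(nonce, nc) for nc in ("00000001", "00000001", "00000002")]
```
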

OS      OS Version  Architecture  Package  Package Version       Filename
ubuntu  10.04       noarch        tomcat6  < 6.0.24-2ubuntu1.9   UNKNOWN
ubuntu  10.10       noarch        tomcat6  < 6.0.28-2ubuntu1.5   UNKNOWN
ubuntu  11.04       noarch        tomcat6  < 6.0.28-10ubuntu2.2  UNKNOWN
ubuntu  11.10       noarch        tomcat6  < 6.0.32-5ubuntu1.1   UNKNOWN
