Ubuntu.com (ubuntucve) | UB:CVE-2011-1184
Sep 26, 2011 - 12:00 a.m.

CVE-2011-1184


CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:P/I:N/A:N)

- Access Vector: NETWORK
- Access Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: NONE
- Availability Impact: NONE

EPSS: 0.002 Low
Percentile: 54.4%

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x
before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the
expected countermeasures against replay attacks, which makes it easier for
remote attackers to bypass intended access restrictions by sniffing the
network for valid requests, related to lack of checking of nonce (aka
server nonce) and nc (aka nonce-count or client nonce count) values.
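
The checks the description says were missing, as an added example (not Tomcat's code): the server accepts only nonces it issued, expires them, and requires nc to increase strictly for each nonce. The class name, `lifetime` value and nonce layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

HEX = set("0123456789abcdefABCDEF")

class DigestNonceTracker:
    """Hypothetical helper: issues server nonces and rejects replayed (nonce, nc) pairs."""

    def __init__(self, key=None, lifetime=300, clock=time.time):
        self._key = key or os.urandom(32)  # per-server secret used to sign nonces
        self._lifetime = lifetime          # seconds a nonce stays valid (assumed value)
        self._clock = clock
        self._last_nc = {}                 # nonce -> highest nc accepted so far

    def _sign(self, ts):
        return hmac.new(self._key, ts.encode(), hashlib.sha256).hexdigest()

    def issue(self):
        """Create a nonce of the form '<timestamp>:<HMAC of timestamp>'."""
        ts = str(int(self._clock()))
        nonce = f"{ts}:{self._sign(ts)}"
        self._last_nc[nonce] = 0
        return nonce

    def check(self, nonce, nc_hex):
        """Return 'ok', 'stale' (client must retry with a fresh nonce) or 'reject'."""
        ts, _, mac = nonce.partition(":")
        if not (ts.isascii() and ts.isdigit()):
            return "reject"
        if not hmac.compare_digest(mac.encode(), self._sign(ts).encode()):
            return "reject"                # nonce was not issued by this server
        if self._clock() - int(ts) > self._lifetime:
            self._last_nc.pop(nonce, None)
            return "stale"                 # expired: a captured request stops working
        if len(nc_hex) != 8 or not set(nc_hex) <= HEX:
            return "reject"                # RFC 2617: nc is exactly 8 hex digits
        nc = int(nc_hex, 16)
        if nonce not in self._last_nc or nc <= self._last_nc[nonce]:
            return "reject"                # same or lower nc: replayed request
        self._last_nc[nonce] = nc
        return "ok"
```

Call `check` only after the digest `response` value itself has been verified, so that an unauthenticated request cannot advance the stored nc for a legitimate client's nonce.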

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 10.04 | noarch | tomcat6 | < 6.0.24-2ubuntu1.9 | UNKNOWN |
| ubuntu | 10.10 | noarch | tomcat6 | < 6.0.28-2ubuntu1.5 | UNKNOWN |
| ubuntu | 11.04 | noarch | tomcat6 | < 6.0.28-10ubuntu2.2 | UNKNOWN |
| ubuntu | 11.10 | noarch | tomcat6 | < 6.0.32-5ubuntu1.1 | UNKNOWN |
