CVSS2 | 4.3 Medium |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS | 0.003 Low |
---|---|
Percentile | 67.4% |

DigestAuthenticator.java in the HTTP Digest Access Authentication
implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and
7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka
private key), which makes it easier for remote attackers to bypass
cryptographic protection mechanisms by leveraging knowledge of this string,
a different vulnerability than CVE-2011-1184.

Author | Note |
---|---|
sbeattie | MITRE split this out from CVE-2011-1184. |