CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |

EPSS Percentile: 67.8%

DigestAuthenticator.java in the HTTP Digest Access Authentication
implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and
7.x before 7.0.12 uses "Catalina" as the hard-coded server secret (aka
private key), which makes it easier for remote attackers to bypass
cryptographic protection mechanisms by leveraging knowledge of this string,
a different vulnerability than CVE-2011-1184.

Author | Note |
---|---|
sbeattie | MITRE split this out from CVE-2011-1184. |