The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139344343412337&w=2 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0074.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0075.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0076.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0077.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0078.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0325.html cve-icon cve-icon
http://secunia.com/advisories/57126 cve-icon cve-icon
http://svn.apache.org/viewvc?view=rev&rev=1087655 cve-icon cve-icon
http://svn.apache.org/viewvc?view=rev&rev=1158180 cve-icon cve-icon
http://svn.apache.org/viewvc?view=rev&rev=1159309 cve-icon cve-icon
http://tomcat.apache.org/security-5.html cve-icon cve-icon
http://tomcat.apache.org/security-6.html cve-icon cve-icon
http://tomcat.apache.org/security-7.html cve-icon cve-icon
http://www.debian.org/security/2012/dsa-2401 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2011-1845.html cve-icon cve-icon
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2011-5063 cve-icon
https://www.cve.org/CVERecord?id=CVE-2011-5063 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-01-14T21:00:00

Updated: 2024-08-07T00:23:39.939Z

Reserved: 2012-01-14T00:00:00

Link: CVE-2011-5063

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-01-14T21:55:00.850

Modified: 2024-11-21T01:33:32.437

Link: CVE-2011-5063

cve-icon Redhat

Severity : Moderate

Publid Date: 2011-09-26T00:00:00Z

Links: CVE-2011-5063 - Bugzilla