DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2012-01-14T21:00:00
Updated: 2024-08-07T00:23:39.835Z
Reserved: 2012-01-14T00:00:00
Link: CVE-2011-5064
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-01-14T21:55:00.897
Modified: 2024-11-21T01:33:32.640
Link: CVE-2011-5064
Redhat