CVE-2011-5063
Apache Tomcat 5.5.x < 5.5.34, 6.x < 6.0.33, 7.x < 7.0.12 - Access Bypass via HTTP Digest Auth
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
References (22)
Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://rhn.redhat.com/errata/RHSA-2012-0325.html
Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://rhn.redhat.com/errata/RHSA-2012-0078.html
Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://rhn.redhat.com/errata/RHSA-2012-0075.html
Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://rhn.redhat.com/errata/RHSA-2012-0074.html
Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://rhn.redhat.com/errata/RHSA-2012-0076.html
Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://rhn.redhat.com/errata/RHSA-2012-0077.html
Mailing List [mailing-list, x_refsource_mlist]: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
Mailing List [mailing-list, x_refsource_mlist]: https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
Third Party Advisory [vendor-advisory, x_refsource_debian]: http://www.debian.org/security/2012/dsa-2401
Mailing List [vendor-advisory, x_refsource_suse]: http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
Patch [x_refsource_confirm]: http://svn.apache.org/viewvc?view=rev&rev=1159309
Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://www.redhat.com/support/errata/RHSA-2011-1845.html
Patch [x_refsource_confirm]: http://svn.apache.org/viewvc?view=rev&rev=1158180
Vendor Advisory [x_refsource_confirm]: http://tomcat.apache.org/security-7.html
Patch [x_refsource_confirm]: http://svn.apache.org/viewvc?view=rev&rev=1087655
Vendor Advisory [x_refsource_confirm]: http://tomcat.apache.org/security-6.html
Third Party Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/57126
Vendor Advisory [x_refsource_confirm]: http://tomcat.apache.org/security-5.html
Mailing List [vendor-advisory, x_refsource_suse]: http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
Mailing List [vendor-advisory, x_refsource_hp]: http://marc.info/?l=bugtraq&m=139344343412337&w=2
Mailing List [mailing-list, x_refsource_mlist]: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
Mailing List [mailing-list, x_refsource_mlist]: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
Scores
EPSS: 0.0663
EPSS Percentile: 93.0%
Details
CWE: CWE-287
Status: published
Products (50)
apache/tomcat: 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, 5.5.7, 5.5.8, 5.5.9 ... and 40 more
Published: Jan 14, 2012
Tracked Since: Feb 18, 2026