Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-5064

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

Published

2012-01-14T21:55:00.897

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-310
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application apache tomcat 5.5.0 Yes
Application apache tomcat 5.5.1 Yes
Application apache tomcat 5.5.2 Yes
Application apache tomcat 5.5.3 Yes
Application apache tomcat 5.5.4 Yes
Application apache tomcat 5.5.5 Yes
Application apache tomcat 5.5.6 Yes
Application apache tomcat 5.5.7 Yes
Application apache tomcat 5.5.8 Yes
Application apache tomcat 5.5.9 Yes
Application apache tomcat 5.5.10 Yes
Application apache tomcat 5.5.11 Yes
Application apache tomcat 5.5.12 Yes
Application apache tomcat 5.5.13 Yes
Application apache tomcat 5.5.14 Yes
Application apache tomcat 5.5.15 Yes
Application apache tomcat 5.5.16 Yes
Application apache tomcat 5.5.17 Yes
Application apache tomcat 5.5.18 Yes
Application apache tomcat 5.5.19 Yes
Application apache tomcat 5.5.20 Yes
Application apache tomcat 5.5.21 Yes
Application apache tomcat 5.5.22 Yes
Application apache tomcat 5.5.23 Yes
Application apache tomcat 5.5.24 Yes
Application apache tomcat 5.5.25 Yes
Application apache tomcat 5.5.26 Yes
Application apache tomcat 5.5.27 Yes
Application apache tomcat 5.5.28 Yes
Application apache tomcat 5.5.29 Yes
Application apache tomcat 5.5.30 Yes
Application apache tomcat 5.5.31 Yes
Application apache tomcat 5.5.32 Yes
Application apache tomcat 5.5.33 Yes
Application apache tomcat 6.0 Yes
Application apache tomcat 6.0.0 Yes
Application apache tomcat 6.0.1 Yes
Application apache tomcat 6.0.2 Yes
Application apache tomcat 6.0.3 Yes
Application apache tomcat 6.0.4 Yes
Application apache tomcat 6.0.5 Yes
Application apache tomcat 6.0.6 Yes
Application apache tomcat 6.0.7 Yes
Application apache tomcat 6.0.8 Yes
Application apache tomcat 6.0.9 Yes
Application apache tomcat 6.0.10 Yes
Application apache tomcat 6.0.11 Yes
Application apache tomcat 6.0.12 Yes
Application apache tomcat 6.0.13 Yes
Application apache tomcat 6.0.14 Yes
Application apache tomcat 6.0.15 Yes
Application apache tomcat 6.0.16 Yes
Application apache tomcat 6.0.17 Yes
Application apache tomcat 6.0.18 Yes
Application apache tomcat 6.0.19 Yes
Application apache tomcat 6.0.20 Yes
Application apache tomcat 6.0.24 Yes
Application apache tomcat 6.0.26 Yes
Application apache tomcat 6.0.27 Yes
Application apache tomcat 6.0.28 Yes
Application apache tomcat 6.0.29 Yes
Application apache tomcat 6.0.30 Yes
Application apache tomcat 6.0.31 Yes
Application apache tomcat 6.0.32 Yes
Application apache tomcat 7.0.0 Yes
Application apache tomcat 7.0.0 Yes
Application apache tomcat 7.0.1 Yes
Application apache tomcat 7.0.2 Yes
Application apache tomcat 7.0.3 Yes
Application apache tomcat 7.0.4 Yes
Application apache tomcat 7.0.5 Yes
Application apache tomcat 7.0.6 Yes
Application apache tomcat 7.0.7 Yes
Application apache tomcat 7.0.8 Yes
Application apache tomcat 7.0.9 Yes
Application apache tomcat 7.0.10 Yes
Application apache tomcat 7.0.11 Yes
References