CVE-2011-5063

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
apachetomcat
5.5.0
apachetomcat
5.5.1
apachetomcat
5.5.2
apachetomcat
5.5.3
apachetomcat
5.5.4
apachetomcat
5.5.5
apachetomcat
5.5.6
apachetomcat
5.5.7
apachetomcat
5.5.8
apachetomcat
5.5.9
apachetomcat
5.5.10
apachetomcat
5.5.11
apachetomcat
5.5.12
apachetomcat
5.5.13
apachetomcat
5.5.14
apachetomcat
5.5.15
apachetomcat
5.5.16
apachetomcat
5.5.17
apachetomcat
5.5.18
apachetomcat
5.5.19
apachetomcat
5.5.20
apachetomcat
5.5.21
apachetomcat
5.5.22
apachetomcat
5.5.23
apachetomcat
5.5.24
apachetomcat
5.5.25
apachetomcat
5.5.26
apachetomcat
5.5.27
apachetomcat
5.5.28
apachetomcat
5.5.29
apachetomcat
5.5.30
apachetomcat
5.5.31
apachetomcat
5.5.32
apachetomcat
5.5.33
apachetomcat
6.0
apachetomcat
6.0.0
apachetomcat
6.0.1
apachetomcat
6.0.2
apachetomcat
6.0.3
apachetomcat
6.0.4
apachetomcat
6.0.5
apachetomcat
6.0.6
apachetomcat
6.0.7
apachetomcat
6.0.8
apachetomcat
6.0.9
apachetomcat
6.0.10
apachetomcat
6.0.11
apachetomcat
6.0.12
apachetomcat
6.0.13
apachetomcat
6.0.14
apachetomcat
6.0.15
apachetomcat
6.0.16
apachetomcat
6.0.17
apachetomcat
6.0.18
apachetomcat
6.0.19
apachetomcat
6.0.20
apachetomcat
6.0.24
apachetomcat
6.0.26
apachetomcat
6.0.27
apachetomcat
6.0.28
apachetomcat
6.0.29
apachetomcat
6.0.30
apachetomcat
6.0.31
apachetomcat
6.0.32
apachetomcat
7.0.0
apachetomcat
7.0.0:beta
apachetomcat
7.0.1
apachetomcat
7.0.2
apachetomcat
7.0.3
apachetomcat
7.0.4
apachetomcat
7.0.5
apachetomcat
7.0.6
apachetomcat
7.0.7
apachetomcat
7.0.8
apachetomcat
7.0.9
apachetomcat
7.0.10
apachetomcat
7.0.11
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tomcat5.5
oneiric
dne
natty
dne
maverick
dne
lucid
dne
hardy
ignored
tomcat6
oneiric
Fixed 6.0.32-5ubuntu1.1
released
natty
Fixed 6.0.28-10ubuntu2.2
released
maverick
Fixed 6.0.28-2ubuntu1.5
released
lucid
Fixed 6.0.24-2ubuntu1.9
released
hardy
dne
tomcat7
oneiric
not-affected
natty
dne
maverick
dne
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://rhn.redhat.com/errata/RHSA-2012-0074.html
http://rhn.redhat.com/errata/RHSA-2012-0075.html
http://rhn.redhat.com/errata/RHSA-2012-0076.html
http://rhn.redhat.com/errata/RHSA-2012-0077.html
http://rhn.redhat.com/errata/RHSA-2012-0078.html
http://rhn.redhat.com/errata/RHSA-2012-0325.html
http://secunia.com/advisories/57126
http://svn.apache.org/viewvc?view=rev&rev=1087655
http://svn.apache.org/viewvc?view=rev&rev=1158180
http://svn.apache.org/viewvc?view=rev&rev=1159309
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.debian.org/security/2012/dsa-2401
http://www.redhat.com/support/errata/RHSA-2011-1845.html
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://rhn.redhat.com/errata/RHSA-2012-0074.html
http://rhn.redhat.com/errata/RHSA-2012-0075.html
http://rhn.redhat.com/errata/RHSA-2012-0076.html
http://rhn.redhat.com/errata/RHSA-2012-0077.html
http://rhn.redhat.com/errata/RHSA-2012-0078.html
http://rhn.redhat.com/errata/RHSA-2012-0325.html
http://secunia.com/advisories/57126
http://svn.apache.org/viewvc?view=rev&rev=1087655
http://svn.apache.org/viewvc?view=rev&rev=1158180
http://svn.apache.org/viewvc?view=rev&rev=1159309
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.debian.org/security/2012/dsa-2401
http://www.redhat.com/support/errata/RHSA-2011-1845.html
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E