Bug 741530 - VUL-1: CVE-2011-5063: tomcat: Bypass intended integrity protection due to incorrect realm checking
Status: VERIFIED DUPLICATE of bug 735343
Classification: Novell Products
Product: SUSE Security Incidents
Component: General
Priority: P4 - Low
Severity: Normal
Assigned To: E-mail List
Security Team bot
Reported: 2012-01-16 09:27 UTC by Matthias Weckbecker
Modified: 2012-01-18 09:26 UTC


Description Matthias Weckbecker 2012-01-16 09:27:51 UTC
"The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184."

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5063
Comment 1 Sebastian Krahmer 2012-01-18 09:26:36 UTC
dup

*** This bug has been marked as a duplicate of bug 735343 ***