Bug 741530 - VUL-1: CVE-2011-5063: tomcat: Bypass intended integrity protection due to incorrect realm checking
Status: VERIFIED DUPLICATE of bug 735343
Classification: Novell Products
Product: SUSE Security Incidents
Component: General
Priority: P4 - Low, Severity: Normal
Assigned To: E-mail List
Security Team bot
Reported: 2012-01-16 09:27 UTC by Matthias Weckbecker
Modified: 2012-01-18 09:26 UTC

Description Matthias Weckbecker 2012-01-16 09:27:51 UTC
"The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184."

Comment 1 Sebastian Krahmer 2012-01-18 09:26:36 UTC

*** This bug has been marked as a duplicate of bug 735343 ***