PT-2012-2041 · Apache+3 · Apache Tomcat+3

Publicado

2011-12-05

·

Atualizado

2022-05-14

·

CVE-2011-5063

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 5.5.x through 5.5.33 Apache Tomcat versions 6.x through 6.0.32 Apache Tomcat versions 7.x through 7.0.11
Description The issue is related to the HTTP Digest Access Authentication implementation, which does not check realm values. This could allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements.
Recommendations For Apache Tomcat versions 5.5.x through 5.5.33, update to version 5.5.34 or later. For Apache Tomcat versions 6.x through 6.0.32, update to version 6.0.33 or later. For Apache Tomcat versions 7.x through 7.0.11, update to version 7.0.12 or later.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CESA-2011_1780
CVE-2011-5063
DSA-2401-1
GHSA-HFFM-FQV4-W27R
RHSA-2011:1780
RHSA-2011:1845
RHSA-2011_1780
RHSA-2011_1845
RHSA-2012:0074
RHSA-2012:0076
RHSA-2012:0680
RHSA-2012:0682

Produtos afetados

Apache Tomcat
Centos
Red Hat
Suse