PublicDateAtUSN: 2011-09-26
Candidate: CVE-2011-1184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184
http://tomcat.apache.org/security-6.html
https://usn.ubuntu.com/usn/usn-1252-1
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x
before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the
expected countermeasures against replay attacks, which makes it easier for
remote attackers to bypass intended access restrictions by sniffing the
network for valid requests, related to lack of checking of nonce (aka
server nonce) and nc (aka nonce-count or client nonce count) values.
upstream_tomcat5.5: released (5.5.34)
hardy_tomcat5.5: ignored (reached end-of-life)
maverick_tomcat5.5: DNE
oneiric_tomcat5.5: DNE
upstream: http://svn.apache.org/viewvc?view=revision&revision=1158180
upstream_tomcat6: released (6.0.33)
lucid_tomcat6: released (6.0.24-2ubuntu1.9)
maverick_tomcat6: released (6.0.28-2ubuntu1.5)
natty_tomcat6: released (6.0.28-10ubuntu2.2)
oneiric_tomcat6: released (6.0.32-5ubuntu1.1)
devel_tomcat6: released (6.0.32-6ubuntu1)
upstream_tomcat7: released (7.0.12)
oneiric_tomcat7: not-affected (7.0.21-1)
devel_tomcat7: not-affected (7.0.21-1)