Candidate: CVE-2011-5064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064
https://usn.ubuntu.com/usn/usn-1252-1
DigestAuthenticator.java in the HTTP Digest Access Authentication
implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and
7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka
private key), which makes it easier for remote attackers to bypass
cryptographic protection mechanisms by leveraging knowledge of this string,
a different vulnerability than CVE-2011-1184.
sbeattie> MITRE split this out from CVE-2011-1184.
upstream: http://svn.apache.org/viewvc?view=revision&revision=1159309
upstream_tomcat5.5: needs-triage
hardy_tomcat5.5: ignored (reached end-of-life)
maverick_tomcat5.5: DNE
oneiric_tomcat5.5: DNE
upstream: http://svn.apache.org/viewvc?view=revision&revision=1158180
upstream_tomcat6: needs-triage
lucid_tomcat6: released (6.0.24-2ubuntu1.9)
maverick_tomcat6: released (6.0.28-2ubuntu1.5)
natty_tomcat6: released (6.0.28-10ubuntu2.2)
oneiric_tomcat6: released (6.0.32-5ubuntu1.1)
devel_tomcat6: released (6.0.32-6ubuntu1)
upstream: http://svn.apache.org/viewvc?view=rev&rev=1087655
upstream_tomcat7: needs-triage
oneiric_tomcat7: not-affected (7.0.21-1)
devel_tomcat7: not-affected (7.0.23-1)