Oval Definition:oval:org.mitre.oval:def:22151
Revision Date:2014-02-24Version:100
Title:RHSA-2011:1845: tomcat5 security update (Moderate)
Description:DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CESA-2011:1845
CVE-2010-3718
CVE-2011-0013
CVE-2011-1184
CVE-2011-2204
CVE-2011-5062
CVE-2011-5063
CVE-2011-5064
RHSA-2011:1845-01
Platform(s):CentOS Linux 5
Red Hat Enterprise Linux 5
Product(s):tomcat5
Definition Synopsis
  • Redhat 5 or Centos 5 release
  • The operating system installed on the system is Red Hat Enterprise Linux 5
  • OR The operating system installed on the system is CentOS Linux 5.x
  • AND Packages section
  • tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.22.el5_7
  • OR tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.22.el5_7
  • OR tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.22.el5_7
  • OR tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.22.el5_7
  • OR tomcat5-server-lib is earlier than 0:5.5.23-0jpp.22.el5_7
  • OR tomcat5-jasper is earlier than 0:5.5.23-0jpp.22.el5_7
  • OR tomcat5-common-lib is earlier than 0:5.5.23-0jpp.22.el5_7
  • OR tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.22.el5_7
  • OR tomcat5-webapps is earlier than 0:5.5.23-0jpp.22.el5_7
  • OR tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.22.el5_7
  • OR tomcat5 is earlier than 0:5.5.23-0jpp.22.el5_7
  • BACK