Oval Definition:	oval:org.mitre.oval:def:23257
Revision Date: 2014-05-26 Version: 40 Title: ELSA-2011:1780: tomcat6 security and bug fix update (Moderate) Description: DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 ELSA-2011:1780-01 Platform(s): Oracle Linux 6 Product(s): tomcat6 Definition Synopsis Oracle Linux 6.x AND rpm test tomcat6-docs-webapp is earlier than 0:6.0.24-35.el6_1 OR tomcat6-webapps is earlier than 0:6.0.24-35.el6_1 OR tomcat6-lib is earlier than 0:6.0.24-35.el6_1 OR tomcat6-jsp-2.1-api is earlier than 0:6.0.24-35.el6_1 OR tomcat6-javadoc is earlier than 0:6.0.24-35.el6_1 OR tomcat6-el-2.1-api is earlier than 0:6.0.24-35.el6_1 OR tomcat6-admin-webapps is earlier than 0:6.0.24-35.el6_1 OR tomcat6-servlet-2.5-api is earlier than 0:6.0.24-35.el6_1 OR tomcat6 is earlier than 0:6.0.24-35.el6_1
BACK