FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tomcat -- authentication weaknesses

Affected packages
5.5.0 < tomcat < 5.5.36
6.0.0 < tomcat < 6.0.36
7.0.0 < tomcat < 7.0.30

Details

VuXML ID 152e4c7e-2a2e-11e2-99c7-00a0d181e71d
Discovery 2012-11-05
Entry 2012-11-08
Modified 2012-11-09

The Apache Software Foundation reports:

Three weaknesses in Tomcat's implementation of DIGEST authentication were identified and resolved:

These issues reduced the security of DIGEST authentication, making replay attacks possible in some circumstances.

The first issue was identified by Tilmann Kuhn. The second and third issues were identified by the Tomcat security team during the code review resulting from the first issue.

References

CVE Name CVE-2012-3439
URL http://tomcat.apache.org/security-5.html
URL http://tomcat.apache.org/security-6.html
URL http://tomcat.apache.org/security-7.html
URL http://tomcat.apache.org/security.html