English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.802415
Kategorie:Web Servers
Titel:Apache Tomcat Multiple Security Bypass Vulnerabilities - Windows
Zusammenfassung:Apache Tomcat Server is prone to multiple security bypass vulnerabilities.
Beschreibung:Summary:
Apache Tomcat Server is prone to multiple security bypass vulnerabilities.

Vulnerability Insight:
The flaws are due to errors in the HTTP Digest Access Authentication
implementation,

- which fails to check 'qop' and 'realm' values and allows to bypass
access restrictions.

- Catalina used as the hard-coded server secret in the
DigestAuthenticator.java bypasses cryptographic protection mechanisms.

- which fails to have the expected countermeasures against replay attacks.

Vulnerability Impact:
Successful exploitation could allows remote attackers to bypass intended
access restrictions or gain sensitive information.

Affected Software/OS:
Apache Tomcat 5.5.x to 5.5.33, 6.x to 6.0.32 and 7.x to 7.0.11 on Windows.

Solution:
Upgrade Apache Tomcat to 5.5.34, 6.0.33, 7.0.12 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-1184
57126
http://secunia.com/advisories/57126
DSA-2401
http://www.debian.org/security/2012/dsa-2401
HPSBOV02762
http://marc.info/?l=bugtraq&m=133469267822771&w=2
HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
MDVSA-2011:156
http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
RHSA-2011:1845
http://www.redhat.com/support/errata/RHSA-2011-1845.html
RHSA-2012:0074
http://rhn.redhat.com/errata/RHSA-2012-0074.html
RHSA-2012:0075
http://rhn.redhat.com/errata/RHSA-2012-0075.html
RHSA-2012:0076
http://rhn.redhat.com/errata/RHSA-2012-0076.html
RHSA-2012:0077
http://rhn.redhat.com/errata/RHSA-2012-0077.html
RHSA-2012:0078
http://rhn.redhat.com/errata/RHSA-2012-0078.html
RHSA-2012:0325
http://rhn.redhat.com/errata/RHSA-2012-0325.html
SSRT100825
SSRT101146
SUSE-SU-2012:0155
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
http://svn.apache.org/viewvc?view=rev&rev=1087655
http://svn.apache.org/viewvc?view=rev&rev=1158180
http://svn.apache.org/viewvc?view=rev&rev=1159309
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
openSUSE-SU-2012:0208
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
oval:org.mitre.oval:def:19169
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19169
Common Vulnerability Exposure (CVE) ID: CVE-2011-5062
Debian Security Information: DSA-2401 (Google Search)
HPdes Security Advisory: HPSBST02955
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2012:0074
RedHat Security Advisories: RHSA-2012:0075
RedHat Security Advisories: RHSA-2012:0076
RedHat Security Advisories: RHSA-2012:0077
RedHat Security Advisories: RHSA-2012:0078
RedHat Security Advisories: RHSA-2012:0325
SuSE Security Announcement: SUSE-SU-2012:0155 (Google Search)
SuSE Security Announcement: openSUSE-SU-2012:0208 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2011-5063
Common Vulnerability Exposure (CVE) ID: CVE-2011-5064
CopyrightCopyright (C) 2012 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.