Apache Tomcat HTTP DIGEST authentication Multiple Vulnerability

Last Update Date: 27 Sep 2011 12:17 Release Date: 27 Sep 2011 5626 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

在 Apache Tomcat 發現多個漏洞,惡意使用者可利用漏洞繞過保安限制。

HTTP DIGEST 核證被發有以下弱點:

  • 允許 replay 攻擊
  • 沒有檢查伺服器 nonces
  • 沒有檢查客戶端 nonce 數目
  • 沒有檢查 qop 值
  • 沒有檢查 realm 值
  • 伺服器密匙使用已知的字串

這些弱點做成 DIGEST 認證跟 BASIC 認證安全等級一樣。

Impact

  • Security Restriction Bypass

System / Technologies affected

  • Apache Tomcat 7.0.x
  • Apache Tomcat 6.0.x
  • Apache Tomcat 5.5.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

 

Vulnerability Identifier

Source

Related Link

Share with

Previous

HP TCP/IP Services for OpenVMS Multiple Vunlerabilities

23 Sep 2011 5187 Views

Next

Novell GroupWise Multiple Vulnerabilities

27 Sep 2011 5332 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY