Upstream information
Description
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Novell/SUSE information
Novell Bugzilla entries: 735343, 741530, 791423
SUSE Security Advisories:
- SUSE-SU-2012:0155-1, published Tue, 7 Feb 2012 04:08:27 +0100 (CET)
- openSUSE-SU-2012:0208-1, published Thu, 9 Feb 2012 19:09:55 +0100 (CET)
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Manager 1.2 for SLE 11 SP1 | | sles11-sp1-vmware.x86 sles11-sp1.ia64 sles11-sp1.ppc sles11-sp1.x86-64 suse-manager-1.2.x86-64 sles11-sp1.s390x sles11-sp1-vmware.x86-64 sles11-sp1.x86 SAT Patch Nr: 5759 |
| SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Server 11 SP1 for VMware | | sles11-sp1-vmware.x86 sles11-sp1.ia64 sles11-sp1.ppc sles11-sp1.x86-64 suse-manager-1.2.x86-64 sles11-sp1.s390x sles11-sp1-vmware.x86-64 sles11-sp1.x86 SAT Patch Nr: 5759 |
| openSUSE 11.4 | | |
