Upstream information
Description
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Novell/SUSE information
Novell Bugzilla entry: 735343, 741530

SUSE Security Advisories:
- SUSE-SU-2012:0155-1, published Tue, 7 Feb 2012 04:08:27 +0100 (CET)
- openSUSE-SU-2012:0208-1, published Thu, 9 Feb 2012 19:09:55 +0100 (CET)
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Manager 1.2 for SLE 11 SP1 | | sles11-sp1-vmware.x86 sles11-sp1.ia64 sles11-sp1.ppc sles11-sp1.x86-64 suse-manager-1.2.x86-64 sles11-sp1.s390x sles11-sp1-vmware.x86-64 sles11-sp1.x86 SAT Patch Nr: 5759 |
| SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Server 11 SP1 for VMware | | sles11-sp1-vmware.x86 sles11-sp1.ia64 sles11-sp1.ppc sles11-sp1.x86-64 suse-manager-1.2.x86-64 sles11-sp1.s390x sles11-sp1-vmware.x86-64 sles11-sp1.x86 SAT Patch Nr: 5759 |
| openSUSE 11.4 | | |
