Upstream information
Description
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Novell/SUSE information
Novell Bugzilla entry: 735343, 741531 SUSE Security Advisories:- SUSE-SU-2012:0155-1, published Tue, 7 Feb 2012 04:08:27 +0100 (CET)
- openSUSE-SU-2012:0208-1, published Thu, 9 Feb 2012 19:09:55 +0100 (CET)
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Manager 1.2 for SLE 11 SP1 |
| sles11-sp1-vmware.x86 sles11-sp1.ia64 sles11-sp1.ppc sles11-sp1.x86-64 suse-manager-1.2.x86-64 sles11-sp1.s390x sles11-sp1-vmware.x86-64 sles11-sp1.x86 SAT Patch Nr: 5759 |
| SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware |
| sles11-sp1-vmware.x86 sles11-sp1.ia64 sles11-sp1.ppc sles11-sp1.x86-64 suse-manager-1.2.x86-64 sles11-sp1.s390x sles11-sp1-vmware.x86-64 sles11-sp1.x86 SAT Patch Nr: 5759 |
| openSUSE 11.4 |
|