CVE-2011-5064

Severity: Medium
CVSS v3 Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS Score: 5.3% (exploitation probability in 30 days; top 10% most likely to be exploited)

Attack Characteristics

Attack Vector: Network
Attack Complexity: M
Confidentiality: P
Integrity: None
Availability: None
Published: January 14, 2012 (5234 days ago)
Last Modified: April 29, 2026
Vendor: Apache
Source: NVD

Description

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

CWE

CWE-310

Affected Products

Apache Tomcat

References