CVE-2011-5063 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2011-5063 Interim 1 14 2023-12-09T01:46:38Z current 2021-05-30T13:01:06Z 2023-12-09T01:46:38Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2011-5063 The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2012-February/000020.html E-Mail link for SUSE-SU-2012:0155-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JBDEMESMIASPPMG5N3ACZBBZREU3REUV/#JBDEMESMIASPPMG5N3ACZBBZREU3REUV E-Mail link for openSUSE-SU-2012:0208-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 tomcat6-6.0.18-20.35.36.1 tomcat6-6.0.18-20.35.40.1 tomcat6-6.0.41-0.43.1 tomcat6-admin-webapps-6.0.18-20.35.36.1 tomcat6-admin-webapps-6.0.18-20.35.40.1 tomcat6-admin-webapps-6.0.41-0.43.1 tomcat6-docs-webapp-6.0.18-20.35.36.1 tomcat6-docs-webapp-6.0.18-20.35.40.1 tomcat6-docs-webapp-6.0.41-0.43.1 tomcat6-javadoc-6.0.18-20.35.36.1 tomcat6-javadoc-6.0.18-20.35.40.1 tomcat6-javadoc-6.0.41-0.43.1 tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 tomcat6-jsp-2_1-api-6.0.41-0.43.1 tomcat6-lib-6.0.18-20.35.36.1 tomcat6-lib-6.0.18-20.35.40.1 tomcat6-lib-6.0.41-0.43.1 tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 tomcat6-servlet-2_5-api-6.0.41-0.43.1 tomcat6-webapps-6.0.18-20.35.36.1 tomcat6-webapps-6.0.18-20.35.40.1 tomcat6-webapps-6.0.41-0.43.1 tomcat6-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA tomcat6-admin-webapps-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA tomcat6-docs-webapp-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA tomcat6-javadoc-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA tomcat6-lib-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA tomcat6-webapps-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA tomcat6-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-admin-webapps-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-docs-webapp-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-javadoc-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-lib-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-webapps-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-admin-webapps-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-docs-webapp-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-javadoc-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-lib-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-webapps-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-admin-webapps-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-docs-webapp-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-javadoc-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-jsp-2_1-api-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-lib-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-servlet-2_5-api-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-webapps-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184. CVE-2011-5063 SUSE Linux Enterprise Server 11 SP1-TERADATA:tomcat6-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:tomcat6-admin-webapps-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:tomcat6-docs-webapp-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:tomcat6-javadoc-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:tomcat6-lib-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:tomcat6-webapps-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-admin-webapps-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-docs-webapp-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-javadoc-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-lib-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-webapps-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-admin-webapps-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-docs-webapp-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-javadoc-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-jsp-2_1-api-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-lib-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-servlet-2_5-api-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-webapps-6.0.41-0.43.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N