Another security vulnerability disclosed in Tomcat: how is one supposed to bear it


Reposted from OSChina

CVE-2011-1184 Apache Tomcat – Multiple weaknesses in HTTP DIGEST authentication

Severity: Moderate

Versions affected:
- Tomcat 7.0.0 to 7.0.11
- Tomcat 6.0.0 to 6.0.32
- Tomcat 5.5.0 to 5.5.33
- Earlier, unsupported versions may also be affected

Description:
The implementation of HTTP DIGEST authentication was discovered to
have several weaknesses:
- replay attacks were permitted
- server nonces were not checked
- client nonce counts were not checked
- qop values were not checked
- realm values were not checked
- the server secret was hard-coded to a known string
The result of these weaknesses is that DIGEST authentication was only
as secure as BASIC authentication.

Mitigation:
Users of Tomcat 7.0.x should upgrade to 7.0.12 or later
Users of Tomcat 6.0.x should upgrade to 6.0.33 or later
Users of Tomcat 5.5.x should upgrade to 5.5.34 or later
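
The checks the description lists as missing, sketched as a server-side RFC 2617 `qop=auth` validator. This is an added example, not Tomcat's code or part of the advisory; the realm name, nonce lifetime and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os, time

SERVER_SECRET = os.urandom(32)  # random per process, never a fixed string
REALM = "example-realm"         # assumed realm name
NONCE_TTL = 300                 # assumed nonce lifetime in seconds
seen_nc = {}                    # server nonce -> highest nonce count accepted

def md5_hex(s):                 # MD5 is what RFC 2617 DIGEST specifies
    return hashlib.md5(s.encode()).hexdigest()

def make_nonce(now=None):
    ts = str(int(time.time() if now is None else now))
    mac = hmac.new(SERVER_SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return ts + ":" + mac       # timestamp bound to the server secret

def nonce_is_ours(nonce, now=None):
    ts, _, mac = nonce.partition(":")
    good = hmac.new(SERVER_SECRET, ts.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), good.encode()):
        return False            # not issued by this server
    return (time.time() if now is None else now) - int(ts) <= NONCE_TTL

def check_digest(p, method, password, now=None):
    """p: dict of parsed Authorization fields. Returns (ok, reason)."""
    if p.get("realm") != REALM:
        return False, "realm mismatch"
    if p.get("qop") != "auth":
        return False, "unsupported qop"
    if not nonce_is_ours(p.get("nonce", ""), now):
        return False, "bad or stale server nonce"
    try:
        nc = int(p.get("nc", ""), 16)
    except ValueError:
        return False, "bad nonce count"
    if nc <= seen_nc.get(p["nonce"], 0):
        return False, "nonce count replayed"   # same (nonce, nc) seen before
    # A real server would store HA1 rather than the clear-text password.
    ha1 = md5_hex(f"{p.get('username', '')}:{REALM}:{password}")
    ha2 = md5_hex(f"{method}:{p.get('uri', '')}")
    expected = md5_hex(
        f"{ha1}:{p['nonce']}:{p['nc']}:{p.get('cnonce', '')}:auth:{ha2}")
    if not hmac.compare_digest(expected.encode(), p.get("response", "").encode()):
        return False, "wrong response"
    seen_nc[p["nonce"]] = nc    # record only after a fully valid request
    return True, "ok"
```

Each early return corresponds to one item in the weakness list; with those checks absent, a captured `Authorization` header stays reusable, which is why the advisory rates the result as no stronger than BASIC.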
