Vulnerability details: VCID-egye-da2v-4ybh
Vulnerability ID VCID-egye-da2v-4ybh
Aliases CVE-2011-5064
GHSA-6cr4-7c7p-p3xv
Summary Use of Hard-coded Cryptographic Key in Apache Tomcat. DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
generic_textual MODERATE http://marc.info/?l=bugtraq&m=139344343412337&w=2
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2012-0074.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2012-0075.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2012-0076.html
epss 0.05319 https://api.first.org/data/v1/epss?cve=CVE-2011-5064
generic_textual MODERATE http://secunia.com/advisories/57126
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-6cr4-7c7p-p3xv
generic_textual MODERATE https://github.com/apache/tomcat
generic_textual MODERATE https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2011-5064
generic_textual MODERATE http://svn.apache.org/viewvc?view=rev&rev=1087655
generic_textual MODERATE http://svn.apache.org/viewvc?view=rev&rev=1158180
generic_textual MODERATE http://svn.apache.org/viewvc?view=rev&rev=1159309
generic_textual MODERATE http://tomcat.apache.org/security-5.html
generic_textual MODERATE http://tomcat.apache.org/security-6.html
generic_textual MODERATE http://tomcat.apache.org/security-7.html
generic_textual MODERATE http://www.debian.org/security/2012/dsa-2401
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://rhn.redhat.com/errata/RHSA-2012-0074.html
http://rhn.redhat.com/errata/RHSA-2012-0075.html
http://rhn.redhat.com/errata/RHSA-2012-0076.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5064.json
https://api.first.org/data/v1/epss?cve=CVE-2011-5064
http://secunia.com/advisories/57126
https://github.com/apache/tomcat
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
http://svn.apache.org/viewvc?view=rev&rev=1087655
http://svn.apache.org/viewvc?view=rev&rev=1158180
http://svn.apache.org/viewvc?view=rev&rev=1159309
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.debian.org/security/2012/dsa-2401
741401 https://bugzilla.redhat.com/show_bug.cgi?id=741401
CVE-2011-5064 https://nvd.nist.gov/vuln/detail/CVE-2011-5064
GHSA-6cr4-7c7p-p3xv https://github.com/advisories/GHSA-6cr4-7c7p-p3xv
GLSA-201206-24 https://security.gentoo.org/glsa/201206-24
RHSA-2011:1780 https://access.redhat.com/errata/RHSA-2011:1780
RHSA-2012:0041 https://access.redhat.com/errata/RHSA-2012:0041
RHSA-2012:0077 https://access.redhat.com/errata/RHSA-2012:0077
RHSA-2012:0078 https://access.redhat.com/errata/RHSA-2012:0078
RHSA-2012:0091 https://access.redhat.com/errata/RHSA-2012:0091
RHSA-2012:0325 https://access.redhat.com/errata/RHSA-2012:0325
RHSA-2012:0679 https://access.redhat.com/errata/RHSA-2012:0679
RHSA-2012:0680 https://access.redhat.com/errata/RHSA-2012:0680
RHSA-2012:0681 https://access.redhat.com/errata/RHSA-2012:0681
RHSA-2012:0682 https://access.redhat.com/errata/RHSA-2012:0682
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.89998
EPSS Score 0.05319
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:50:31.058815+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2011-5064.yml 38.0.0