
Revision 1377807


Author: markt
Date: Mon Aug 27 19:43:06 2012 UTC (12 years, 7 months ago)
Changed paths: 6
Log Message:
Digest improvements:
- disable caching of authenticated user in session by default
- track server rather than client nonces
- better handling of stale nonce values

This fixed CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses

Changed paths

Path: Details
tomcat/tc7.0.x/trunk/: modified, props changed
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java: modified, text changed
tomcat/tc7.0.x/trunk/java/org/apache/catalina/util/ConcurrentMessageDigest.java (copied from tomcat/trunk/java/org/apache/catalina/util/ConcurrentMessageDigest.java, r1377794): added, text changed
tomcat/tc7.0.x/trunk/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java: modified, text changed
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml: modified, text changed
tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml: modified, text changed
