/[Apache-SVN]
ViewVC logotype

Revision 1380829


Jump to revision: Previous Next
Author: markt
Date: Tue Sep 4 19:48:27 2012 UTC (12 years, 7 months ago)
Changed paths: 3
Log Message:
Various improvements to the DIGEST authenticator including <bug>52954</bug>, the disabling caching of an authenticated user in the session by default, tracking server rather than client nonces and better handling of stale nonce values.

This fixed CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses

Changed paths

Path Details
Directorytomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java modified , text changed
Directorytomcat/tc6.0.x/trunk/webapps/docs/changelog.xml modified , text changed
Directorytomcat/tc6.0.x/trunk/webapps/docs/config/valve.xml modified , text changed

infrastructure at apache.org
ViewVC Help
Powered by ViewVC 1.1.26