Red Hat Bugzilla – Bug 959047
CVE-2013-2051 tomcat: DIGEST authentication vulnerable to replay attacks
Last modified: 2014-10-20 20:04:51 EDT
It was found that the fix for CVE-2012-5887 shipped for tomcat 6 on Red Hat Enterprise Linux 6 (RHSA-2013:0623) was incomplete. The fix only allowed DIGEST authentication to succeed when a stale nonce was provided, rather than when a stale nonce was NOT provided. As a result, DIGEST authentication did not function. However, a man-in-the-middle attacker could record a DIGEST authentication exchange, wait until the associated nonce is marked as stale on the server, then successfully replay this request.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0869 https://rhn.redhat.com/errata/RHSA-2013-0869.html
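The inverted stale-nonce condition described above, as an added example that is not Tomcat's code or the Red Hat patch: a simplified model of a DIGEST nonce check showing the incomplete fix beside the intended logic. The class name, credentials, nonce value, URI and the 5-minute validity window are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

// Added illustration: simplified model of a DIGEST nonce check, not Tomcat's code.
public class StaleNonceCheck {
    static final long VALIDITY_MS = 300_000; // assumed nonce validity window
    static final String USER = "alice", REALM = "demo", PASS = "s3cret"; // constructed
    private final Map<String, Long> issuedAt = new HashMap<>(); // nonce -> issue time (ms)

    static String md5(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
        return String.format("%032x", new BigInteger(1, d));
    }

    // RFC 2617 response without qop: MD5(HA1:nonce:HA2)
    static String response(String nonce, String method, String uri) throws Exception {
        String ha1 = md5(USER + ":" + REALM + ":" + PASS);
        String ha2 = md5(method + ":" + uri);
        return md5(ha1 + ":" + nonce + ":" + ha2);
    }

    void issue(String nonce, long now) { issuedAt.put(nonce, now); }

    // invertedCheck=true models the incomplete fix; false models the intended logic,
    // where a stale nonce is rejected so the client must answer a fresh challenge.
    boolean authenticate(String nonce, String resp, long now, boolean invertedCheck) throws Exception {
        Long t = issuedAt.get(nonce);
        if (t == null || !response(nonce, "GET", "/app").equals(resp)) return false;
        boolean stale = now - t > VALIDITY_MS;
        return invertedCheck ? stale : !stale;
    }

    public static void main(String[] args) throws Exception {
        StaleNonceCheck server = new StaleNonceCheck();
        server.issue("nonce-0001", 0L);                          // constructed nonce
        String recorded = response("nonce-0001", "GET", "/app"); // one recorded exchange
        long fresh = 1_000L, expired = VALIDITY_MS + 1;
        System.out.println("inverted,  fresh nonce:  " + server.authenticate("nonce-0001", recorded, fresh, true));
        System.out.println("inverted,  stale replay: " + server.authenticate("nonce-0001", recorded, expired, true));
        System.out.println("corrected, fresh nonce:  " + server.authenticate("nonce-0001", recorded, fresh, false));
        System.out.println("corrected, stale replay: " + server.authenticate("nonce-0001", recorded, expired, false));
    }
}
```

The four calls work as a regression check for this class of bug: a legitimate request with a fresh nonce must succeed and the same request presented after the validity window must fail, and the inverted condition gets both cases wrong.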