The host is running Apache Tomcat Server and is prone to multiple security bypass vulnerabilities.
Successful exploitation could allow remote attackers to bypass intended access restrictions or gain sensitive information. Impact Level: Application.
Upgrade Apache Tomcat to 5.5.34, 6.0.33, 7.0.12 or later. For updates, refer to http://tomcat.apache.org/
The flaws are due to errors in the HTTP Digest Access Authentication implementation, which:
- fails to check 'qop' and 'realm' values, allowing access restrictions to be bypassed.
- uses 'Catalina' as the hard-coded server secret in DigestAuthenticator.java, which bypasses cryptographic protection mechanisms.
- fails to have the expected countermeasures against replay attacks.
Apache Tomcat 5.5.x to 5.5.33, 6.x to 6.0.32 and 7.x to 7.0.11 on Windows.
Updated on 2015-03-25
CVE: CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064
CVSS Base Score: 5.0
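The three Digest authentication weaknesses described above map to three server-side checks. The following is an added example, not Tomcat's code and not part of the original advisory: a minimal RFC 2617 `qop=auth` verifier that validates 'realm' and 'qop', keys its nonces with a random per-process secret, and rejects reused nonce-counts. `REALM`, `NONCE_TTL`, the function names and the plaintext `password` argument are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # random per process, never a fixed string
REALM = "example-realm"               # assumed realm name
NONCE_TTL = 300                       # assumed nonce lifetime in seconds
_last_nc = {}                         # nonce -> highest nonce-count accepted

def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()

def _mac(ts):
    return hmac.new(SERVER_KEY, ts.encode(), hashlib.sha256).hexdigest()

def make_nonce(now=None):
    # Nonce = issue time plus a MAC over it, so only this server can mint one
    ts = str(int(time.time() if now is None else now))
    return ts + ":" + _mac(ts)

def expected_response(p, method, password):
    # RFC 2617 request-digest for qop=auth
    ha1 = _md5(f"{p['username']}:{p['realm']}:{password}")
    ha2 = _md5(f"{method}:{p['uri']}")
    return _md5(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:{p['qop']}:{ha2}")

def verify(p, method, password, now=None):
    """Return (ok, reason) for parsed Authorization: Digest parameters p."""
    now = time.time() if now is None else now
    required = ("username", "realm", "nonce", "uri", "qop", "nc", "cnonce", "response")
    if any(k not in p for k in required):
        return False, "missing parameter"
    if p["realm"] != REALM:
        return False, "realm mismatch"
    if p["qop"] != "auth":
        return False, "unsupported qop"
    ts, _, mac = p["nonce"].partition(":")
    if not hmac.compare_digest(mac.encode(), _mac(ts).encode()):
        return False, "nonce not issued by this server"
    if now - int(ts) > NONCE_TTL:
        return False, "stale nonce"
    try:
        nc = int(p["nc"], 16)
    except ValueError:
        return False, "bad nonce-count"
    if nc <= _last_nc.get(p["nonce"], 0):
        return False, "replayed nonce-count"
    want = expected_response(p, method, password)
    if not hmac.compare_digest(p["response"].encode(), want.encode()):
        return False, "bad response"
    _last_nc[p["nonce"]] = nc  # record only after the response verified
    return True, "ok"
```

The nonce-count is recorded only after the response hash verifies, so an unauthenticated request cannot consume counter values for a valid session.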
- bozohttpd Security Bypass Vulnerability
- Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
- Boa Webserver Terminal Escape Sequence in Logs Command Injection Vulnerability
- IBM WebSphere Application Server (WAS) Cross-site Scripting Vulnerability
- lighttpd Slow Request Handling Remote Denial Of Service Vulnerability