The host is running Apache Tomcat Server and is prone to multiple security bypass vulnerabilities.
Successful exploitation could allow remote attackers to bypass intended access restrictions or obtain sensitive information. Impact Level: Application.
Upgrade Apache Tomcat to 5.5.34, 6.0.33, 7.0.12 or later. For updates refer to http://tomcat.apache.org/
The flaws are due to errors in the HTTP Digest Access Authentication implementation:
- it fails to check the 'qop' and 'realm' values, which allows access restrictions to be bypassed;
- 'Catalina' is used as the hard-coded server secret in DigestAuthenticator.java, which bypasses the cryptographic protection mechanisms;
- it lacks the expected countermeasures against replay attacks.
Apache Tomcat 5.5.x to 5.5.33, 6.x to 6.0.32 and 7.x to 7.0.11 on Windows.
Updated on 2015-03-25
CVE: CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064
CVSS Base Score: 5.0