The host is running Apache Tomcat Server and is prone to multiple security bypass vulnerabilities.
Successful exploitation could allow remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
Impact Level: Application
Apply the patch or upgrade Apache Tomcat to 5.5.36, 6.0.36, 7.0.30 or later. For updates refer to http://tomcat.apache.org/
***** NOTE: Ignore this warning if the above-mentioned patch has been manually applied. *****
The flaws are due to errors in the HTTP digest access authentication implementation, which:
- does not properly check for stale nonce values in conjunction with enforcement of proper credentials
- caches information about the authenticated user within the session state
- tracks cnonce values instead of nonce and nc values
Apache Tomcat versions 5.5.x to 5.5.35, 6.x to 6.0.35 and 7.x to 7.0.29
Updated on 2015-03-25
- Apache UserDir Sensitive Information Disclosure
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 01 - March 2011
- IMail account hijack
- IBM WebSphere Application Server Multiple CSRF Vulnerabilities
- Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities