Description
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
Remediation
References
Related Vulnerabilities
MediaWiki Release of Invalid Pointer or Reference Vulnerability (CVE-2022-28203)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-26477)
Drupal Core 4.6.x Form Action Attribute Injection (4.6.0 - 4.6.9)
WordPress 4.2.x Directory Traversal (4.2 - 4.2.37)
Apache Traffic Server CVE-2023-30631 Vulnerability (CVE-2023-30631)