Description

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

Remediation

References

CVE-2011-5062

Related Vulnerabilities

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-9861)

WordPress Plugin Custom Metas Cross-Site Scripting (1.5.1)

Oracle Database Server CVE-2019-2571 Vulnerability (CVE-2019-2571)

WordPress Plugin DVS Custom Notification Multiple Cross-Site Request Forgery Vulnerabilities (1.0.1)

WordPress Plugin Responsive Slider-Image Slider-Slideshow for WordPress SQL Injection (2.6.8)

Severity

Medium

Classification

CVE-2011-5062 CWE-264

Tags

Missing Update Known Vulnerabilities