Description
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
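The missing check can be shown at the protocol level. The following is an added example, not Tomcat's code or its patch: a minimal RFC 2617 verifier that rejects any client-supplied qop the server did not offer. The `auth-int`-only policy, the function names and all sample values are assumptions; nonce freshness and `nc` replay tracking are out of scope.

```python
import hashlib
import hmac
import re

# Assumed policy: the challenge offered only qop="auth-int" (integrity protection).
OFFERED_QOP = frozenset({"auth-int"})
REQUIRED = ("username", "realm", "nonce", "uri", "qop", "nc", "cnonce", "response")
_PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def parse_digest(header):
    """Split 'Digest k="v", k2=v2' into a dict of parameters."""
    scheme, _, rest = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    return {m[1]: m[2] if m[2] is not None else m[3] for m in _PARAM.finditer(rest)}

def digest_response(p, method, body, password):
    """RFC 2617 request-digest for qop=auth or qop=auth-int."""
    ha1 = _md5(f"{p['username']}:{p['realm']}:{password}")
    a2 = f"{method}:{p['uri']}"
    if p["qop"] == "auth-int":
        a2 += ":" + hashlib.md5(body).hexdigest()  # binds the entity body
    return _md5(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:{p['qop']}:{_md5(a2)}")

def verify(header, method, body, password, offered=OFFERED_QOP):
    p = parse_digest(header)
    if any(k not in p for k in REQUIRED):
        return False, "missing parameter"
    # The check the description says was absent: the client's qop must be
    # one the server actually offered, before any hash is trusted.
    if p["qop"] not in offered:
        return False, "qop not offered"
    good = digest_response(p, method, body, password)
    if not hmac.compare_digest(good.encode(), p["response"].encode()):
        return False, "bad response"
    return True, "ok"

def sample_header(qop, method, body, password):
    """Constructed client credential (all values are made up for the demo)."""
    p = {"username": "alice", "realm": "example", "nonce": "n0nce", "uri": "/transfer",
         "qop": qop, "nc": "00000001", "cnonce": "c1"}
    p["response"] = digest_response(p, method, body, password)
    return "Digest " + ", ".join(f'{k}="{v}"' for k, v in p.items())
```

Without the `offered` comparison, a correctly hashed `qop=auth` credential would pass even though the server asked for `auth-int`, and the request body would no longer be covered by the digest.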
Remediation
References