Description

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

Remediation

References

CVE-2011-5062

Related Vulnerabilities

Oracle Database Server CVE-2015-4794 Vulnerability (CVE-2015-4794)

Squid Improper Synchronization Vulnerability (CVE-2020-14059)

WordPress Plugin XML File Export Import for Stamps.com and WooCommerce Cross-Site Request Forgery (1.1.8)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-7525)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-7983)

Severity

Medium

Classification

CVE-2011-5062 CWE-264

Tags

Missing Update Known Vulnerabilities