Description
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
Remediation
References
Related Vulnerabilities
WordPress Plugin Convert Plus Unspecified Vulnerability (3.5.6)
WordPress Plugin Yandex.News Feed by Teplitsa Cross-Site Scripting (1.12.5)
Sqlite Use of Uninitialized Resource Vulnerability (CVE-2015-3414)
WordPress Plugin YITH WooCommerce Gift Cards Security Bypass (1.3.7)
phpMyFAQ Authentication Bypass by Capture-replay Vulnerability (CVE-2023-1886)