CVE-2011-5062 – org.apache.tomcat:tomcat
Package
Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: >=5.5.0 <5.5.34 || >=6.0.0 <6.0.33 || >=7.0.0 <7.0.12
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.02973 (percentile: 0.85986)
Details
Improper Authentication in Apache Tomcat

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
Metadata
Created: 2022-05-14T01:17:03Z
Modified: 2024-02-21T22:17:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4f7h-9j2x-cmr4/GHSA-4f7h-9j2x-cmr4.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-4f7h-9j2x-cmr4
Finding: F039
Auto approve: 1