CVE-2011-5063 – org.apache.tomcat:tomcat

Package

Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: >=5.5.0 <5.5.34 || >=6.0.0 <6.0.33 || >=7.0.0 <7.0.12

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01962 pctl0.82794

Details

Improper Authentication in Apache Tomcat The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

Metadata

Created: 2022-05-14T01:17:03Z
Modified: 2024-02-21T22:23:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hffm-fqv4-w27r/GHSA-hffm-fqv4-w27r.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-hffm-fqv4-w27r
Finding: F039
Auto approve: 1