New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
UNKNOWN Maven

Improper Authentication in Apache Tomcat

GHSA-4f7h-9j2x-cmr4 · CVE-2011-5062

Published · Modified

Description

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

References

Ready to move

Start Securing

Free, no credit card | First findings in minutes