Skip to main content

CVE-2011-5062

Severity

9.1

Description

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

Project

Apache Tomcat

Category
n/a
Tags
data
functional
Date Disclosed

2012-01-14

Date Discovered

2012-01-14

Apache Tomcat 7.0.x

First release:
2011-01-14
First release:
2021-03-31
0
Support Lifecycle:
Namespace:
javax

Apache Tomcat 6.0.x

First release:
2007-02-28
First release:
2016-12-31
0
Support Lifecycle:
Namespace:
javax
Feel Vulnerable? 

Contact us so we can help you.

* These fields are required.