Lucene search

K
osvGoogleOSV:GHSA-HFFM-FQV4-W27R
HistoryMay 14, 2022 - 1:17 a.m.

Improper Authentication in Apache Tomcat

2022-05-1401:17:03
Google
osv.dev
10
apache tomcat
authentication
access restriction

EPSS

0.003

Percentile

69.6%

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

References