4 matches found
CVE-2026-3144
CVE-2026-3144 affects IBM API Connect 12.1.0.0 through 12.1.0.3. The root cause is the use of default credentials, which could enable an attacker to gain unauthorized access to the application before credentials are updated. The available documents confirm the affected product and the credential-...
tomcat: three DIGEST authentication implementation issues
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended...
tomcat: three DIGEST authentication implementation issues
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended...
Apache Tomcat 5.5.x < 5.5.36 DIGEST Authentication Multiple Security Weaknesses
According to its self-reported version number, the instance of Apache Tomcat 5.5.x listening on the remote host is prior to 5.5.36. It is, therefore, affected by the following vulnerabilities : - Replay-countermeasure functionality in HTTP Digest Access Authentication tracks cnonce values instead...