
8 matches found

Tenable Nessus
added 2026/05/13 12:0 a.m. | 14 views

Linux Distros Unpatched Vulnerability : CVE-2026-43512

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through...

9.8 CVSS | 8.1 AI score | 0.01233 EPSS
Exploits: 1 | References: 2

Github Security Blog
added 2026/05/12 6:30 p.m. | 40 views

Apache Tomcat - Digest authenticator will authenticate any unknown user

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: When DIGEST authentication was configured, any user not known to the configured Realm would be authenticated if...

9.8 CVSS | 5.8 AI score | 0.01233 EPSS
Exploits: 1 | References: 10 | Affected Software: 3

Debian CVE
added 2026/05/12 3:24 p.m. | 8 views

CVE-2026-43512

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported...

9.8 CVSS | 5.7 AI score | 0.01233 EPSS
Exploits: 1

Positive Technologies
added 2026/05/12 12:0 a.m. | 22 views

PT-2026-40071

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.21 Apache Tomcat versions 10.1.0-M1 through 10.1.54 Apache Tomcat versions 9.0.0.M1 through 9.0.117 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions prior to 7.0.0 Description An...

10 CVSS | 5.8 AI score | 0.01339 EPSS
Exploits: 2 | References: 79

RedHat Linux
added 2013/03/14 4:46 p.m. | 4 views

tomcat: three DIGEST authentication implementation issues

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to...

5 CVSS | 7.4 AI score | 0.08768 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2013/02/19 8:31 p.m. | 7 views

tomcat: three DIGEST authentication implementation issues

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended...

5 CVSS | 7.3 AI score | 0.12098 EPSS
Exploits: 2 | References: 4

RedHat Linux
added 2012/02/22 5:2 a.m. | 3 views

tomcat: Multiple weaknesses in HTTP DIGEST authentication

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...

5 CVSS | 6.1 AI score | 0.0854 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2012/01/31 10:56 p.m. | 9 views

tomcat: Multiple weaknesses in HTTP DIGEST authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weak...

5 CVSS | 6.1 AI score | 0.0854 EPSS
Exploits: 0 | References: 4