CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile: 55.4%
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x
before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop
values, which might allow remote attackers to bypass intended
integrity-protection requirements via a qop=auth value, a different
vulnerability than CVE-2011-1184.
tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.34
tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.33
tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.12
launchpad.net/bugs/cve/CVE-2011-5062
nvd.nist.gov/vuln/detail/CVE-2011-5062
security-tracker.debian.org/tracker/CVE-2011-5062
ubuntu.com/security/notices/USN-1252-1
www.cve.org/CVERecord?id=CVE-2011-5062