CVSS2: 4.3 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS: 0.003 Low (Percentile 69.3%)

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x
before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check
realm values, which might allow remote attackers to bypass intended access
restrictions by leveraging the availability of a protection space with
weaker authentication or authorization requirements, a different
vulnerability than CVE-2011-1184.

Author | Note |
---|---|
sbeattie | MITRE split this out from CVE-2011-1184. |