The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139344343412337&w=2 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0074.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0075.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0076.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0077.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0078.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0325.html cve-icon cve-icon
http://secunia.com/advisories/57126 cve-icon cve-icon
http://svn.apache.org/viewvc?view=rev&rev=1087655 cve-icon cve-icon
http://svn.apache.org/viewvc?view=rev&rev=1158180 cve-icon cve-icon
http://svn.apache.org/viewvc?view=rev&rev=1159309 cve-icon cve-icon
http://tomcat.apache.org/security-5.html cve-icon cve-icon
http://tomcat.apache.org/security-6.html cve-icon cve-icon
http://tomcat.apache.org/security-7.html cve-icon cve-icon
http://www.debian.org/security/2012/dsa-2401 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2011-1845.html cve-icon cve-icon
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2011-5062 cve-icon
https://www.cve.org/CVERecord?id=CVE-2011-5062 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-01-14T21:00:00

Updated: 2024-08-07T00:23:39.842Z

Reserved: 2012-01-14T00:00:00

Link: CVE-2011-5062

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-01-14T21:55:00.803

Modified: 2024-11-21T01:33:32.240

Link: CVE-2011-5062

cve-icon Redhat

Severity : Moderate

Publid Date: 2011-09-26T00:00:00Z

Links: CVE-2011-5062 - Bugzilla