The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2012-01-14T21:00:00
Updated: 2024-08-07T00:23:39.939Z
Reserved: 2012-01-14T00:00:00
Link: CVE-2011-5063
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-01-14T21:55:00.850
Modified: 2024-11-21T01:33:32.437
Link: CVE-2011-5063
Redhat