CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |

EPSS percentile: 69.6%

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x
before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check
realm values, which might allow remote attackers to bypass intended access
restrictions by leveraging the availability of a protection space with
weaker authentication or authorization requirements, a different
vulnerability than CVE-2011-1184.
Author | Note |
---|---|
sbeattie | MITRE split this out from CVE-2011-1184. |
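
The missing check named in the description, shown as an added example (a simplified model, not Tomcat's code): a Digest verifier that trusts the client-supplied realm next to one that compares it with the realm configured for the protection space being accessed. The realm names, user, passwords, URI and nonce are constructed sample values; the response is computed in the RFC 2617 form without qop, and nonce validation is left out.

```python
import hashlib
import hmac

def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(ha1, method, uri, nonce):
    # RFC 2617 request-digest without qop: MD5(HA1:nonce:HA2)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

# Constructed credential store: (realm, username) -> HA1 = MD5(user:realm:password).
# Two protection spaces on one server; the public one has the weaker password.
USERS = {
    ("public-area", "alice"): md5_hex("alice:public-area:weak-pass"),
    ("admin-area", "alice"): md5_hex("alice:admin-area:strong-pass"),
}

def client_header(username, realm, password, method, uri, nonce):
    # Parsed Authorization header fields as a client would send them.
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    return {"username": username, "realm": realm, "uri": uri, "nonce": nonce,
            "response": digest_response(ha1, method, uri, nonce)}

def _response_ok(auth, method):
    # Looks up HA1 under whatever realm the header names, then checks the digest.
    ha1 = USERS.get((auth["realm"], auth["username"]))
    if ha1 is None:
        return False
    expected = digest_response(ha1, method, auth["uri"], auth["nonce"])
    return hmac.compare_digest(expected.encode(), auth["response"].encode())

def verify_unchecked(auth, method, configured_realm):
    # Flawed: configured_realm is never compared with the header's realm,
    # so credentials valid for any protection space are accepted here.
    return _response_ok(auth, method)

def verify_checked(auth, method, configured_realm):
    # Hardened: reject unless the header's realm is the one configured
    # for the protection space being accessed.
    if not hmac.compare_digest(auth["realm"].encode(), configured_realm.encode()):
        return False
    return _response_ok(auth, method)
```
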