CVE-2011-5062
EUVD-2022-236614.01.2012, 21:55
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apache | tomcat | 5.5.0 |
| apache | tomcat | 5.5.1 |
| apache | tomcat | 5.5.2 |
| apache | tomcat | 5.5.3 |
| apache | tomcat | 5.5.4 |
| apache | tomcat | 5.5.5 |
| apache | tomcat | 5.5.6 |
| apache | tomcat | 5.5.7 |
| apache | tomcat | 5.5.8 |
| apache | tomcat | 5.5.9 |
| apache | tomcat | 5.5.10 |
| apache | tomcat | 5.5.11 |
| apache | tomcat | 5.5.12 |
| apache | tomcat | 5.5.13 |
| apache | tomcat | 5.5.14 |
| apache | tomcat | 5.5.15 |
| apache | tomcat | 5.5.16 |
| apache | tomcat | 5.5.17 |
| apache | tomcat | 5.5.18 |
| apache | tomcat | 5.5.19 |
| apache | tomcat | 5.5.20 |
| apache | tomcat | 5.5.21 |
| apache | tomcat | 5.5.22 |
| apache | tomcat | 5.5.23 |
| apache | tomcat | 5.5.24 |
| apache | tomcat | 5.5.25 |
| apache | tomcat | 5.5.26 |
| apache | tomcat | 5.5.27 |
| apache | tomcat | 5.5.28 |
| apache | tomcat | 5.5.29 |
| apache | tomcat | 5.5.30 |
| apache | tomcat | 5.5.31 |
| apache | tomcat | 5.5.32 |
| apache | tomcat | 5.5.33 |
| apache | tomcat | 6.0 |
| apache | tomcat | 6.0.0 |
| apache | tomcat | 6.0.1 |
| apache | tomcat | 6.0.2 |
| apache | tomcat | 6.0.3 |
| apache | tomcat | 6.0.4 |
| apache | tomcat | 6.0.5 |
| apache | tomcat | 6.0.6 |
| apache | tomcat | 6.0.7 |
| apache | tomcat | 6.0.8 |
| apache | tomcat | 6.0.9 |
| apache | tomcat | 6.0.10 |
| apache | tomcat | 6.0.11 |
| apache | tomcat | 6.0.12 |
| apache | tomcat | 6.0.13 |
| apache | tomcat | 6.0.14 |
| apache | tomcat | 6.0.15 |
| apache | tomcat | 6.0.16 |
| apache | tomcat | 6.0.17 |
| apache | tomcat | 6.0.18 |
| apache | tomcat | 6.0.19 |
| apache | tomcat | 6.0.20 |
| apache | tomcat | 6.0.24 |
| apache | tomcat | 6.0.26 |
| apache | tomcat | 6.0.27 |
| apache | tomcat | 6.0.28 |
| apache | tomcat | 6.0.29 |
| apache | tomcat | 6.0.30 |
| apache | tomcat | 6.0.31 |
| apache | tomcat | 6.0.32 |
| apache | tomcat | 7.0.0 |
| apache | tomcat | 7.0.0:beta |
| apache | tomcat | 7.0.1 |
| apache | tomcat | 7.0.2 |
| apache | tomcat | 7.0.3 |
| apache | tomcat | 7.0.4 |
| apache | tomcat | 7.0.5 |
| apache | tomcat | 7.0.6 |
| apache | tomcat | 7.0.7 |
| apache | tomcat | 7.0.8 |
| apache | tomcat | 7.0.9 |
| apache | tomcat | 7.0.10 |
| apache | tomcat | 7.0.11 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| tomcat5.5 |
| ||||||||||
| tomcat6 |
| ||||||||||
| tomcat7 |
|
Common Weakness Enumeration
References