Description
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
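The realm check the description refers to, as an added sketch of RFC 2617 digest verification in Python; it is not Tomcat's code. The realm name, user table, nonce handling and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re

CONFIGURED_REALM = "admin-area"   # constructed: realm of this protection space
USERS = {"alice": "s3cret"}       # constructed: username -> password
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')

def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest(header):
    """Return the fields of an 'Authorization: Digest ...' value, or None."""
    scheme, _, rest = header.partition(" ")
    if scheme.lower() != "digest":
        return None
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _PAIR.finditer(rest)}

def digest_response(username, realm, password, method, f):
    """RFC 2617 request-digest for qop=auth or the legacy no-qop form."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{f['uri']}")
    if f.get("qop") == "auth":
        return _md5(f"{ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:auth:{ha2}")
    return _md5(f"{ha1}:{f['nonce']}:{ha2}")

def verify(header, method, realm=CONFIGURED_REALM):
    """Accept only a digest issued for this realm; nonce freshness is out of scope."""
    f = parse_digest(header)
    if f is None or any(k not in f for k in ("username", "realm", "nonce", "uri", "response")):
        return False
    if f["realm"] != realm:          # the realm check: header must name this realm
        return False
    password = USERS.get(f["username"])
    if password is None:
        return False
    try:                             # HA1 uses the configured realm, not the client's
        expected = digest_response(f["username"], realm, password, method, f)
    except KeyError:                 # qop=auth sent without nc/cnonce
        return False
    return hmac.compare_digest(expected.encode(), f["response"].encode())

def build_header(username, realm, password, method, uri, nonce):
    """Constructed client side, used only to produce sample input."""
    f = {"uri": uri, "nonce": nonce, "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b"}
    resp = digest_response(username, realm, password, method, f)
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc=00000001, cnonce="{f["cnonce"]}", response="{resp}"')
```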
Remediation
References