Description

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

Remediation

References

CVE-2011-5063

Related Vulnerabilities

WordPress Plugin WP Insightly for Contact Form 7 and Ninja Forms Cross-Site Scripting (1.0.7)

WordPress Plugin PowerPack for Beaver Builder Privilege Escalation (2.33.0)

WordPress Plugin Recipe Card Blocks for Gutenberg & Elementor Cross-Site Scripting (2.8.2)

MySQL CVE-2018-3077 Vulnerability (CVE-2018-3077)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-38269)

Severity

Medium

Classification

CVE-2011-5063 CWE-287

Tags

Missing Update Known Vulnerabilities