The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
Max CVSS
5.0
EPSS Score
0.34%
Published
2012-11-17
Updated
2017-08-29
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
Max CVSS
5.0
EPSS Score
0.34%
Published
2012-11-17
Updated
2017-08-29
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
Max CVSS
6.4
EPSS Score
0.18%
Published
2012-10-09
Updated
2022-04-20
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Max CVSS
5.8
EPSS Score
0.36%
Published
2012-10-09
Updated
2013-01-30
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
Max CVSS
5.0
EPSS Score
0.25%
Published
2012-08-27
Updated
2017-08-29
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
Max CVSS
4.3
EPSS Score
0.30%
Published
2012-01-14
Updated
2019-03-25
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
Max CVSS
7.5
EPSS Score
0.68%
Published
2012-05-03
Updated
2012-08-14
7 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!