Authentication Bypass in Apache Tomcat
Moderate severity
GitHub Reviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Feb 21, 2024
Package
Affected versions
>= 5.5.0, < 5.5.34
>= 6.0.0, < 6.0.33
>= 7.0.0, < 7.0.12
Patched versions
5.5.34
6.0.33
7.0.12
Description
Published by the National Vulnerability Database
Jan 14, 2012
Published to the GitHub Advisory Database
May 14, 2022
Reviewed
Jul 13, 2022
Last updated
Feb 21, 2024
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
References