The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.36, 6.x prior to 6.0.36, and 7.x prior to 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote malicious users to bypass intended access restrictions by sniffing the network for valid requests.
Vulnerable Product |
---|
apache tomcat 5.5.0 |
apache tomcat 5.5.1 |
apache tomcat 5.5.2 |
apache tomcat 5.5.3 |
apache tomcat 5.5.4 |
apache tomcat 5.5.5 |
apache tomcat 5.5.6 |
apache tomcat 5.5.7 |
apache tomcat 5.5.8 |
apache tomcat 5.5.9 |
apache tomcat 5.5.10 |
apache tomcat 5.5.11 |
apache tomcat 5.5.12 |
apache tomcat 5.5.13 |
apache tomcat 5.5.14 |
apache tomcat 5.5.15 |
apache tomcat 5.5.16 |
apache tomcat 5.5.17 |
apache tomcat 5.5.18 |
apache tomcat 5.5.19 |
apache tomcat 5.5.20 |
apache tomcat 5.5.21 |
apache tomcat 5.5.22 |
apache tomcat 5.5.23 |
apache tomcat 5.5.24 |
apache tomcat 5.5.25 |
apache tomcat 5.5.26 |
apache tomcat 5.5.27 |
apache tomcat 5.5.28 |
apache tomcat 5.5.29 |
apache tomcat 5.5.30 |
apache tomcat 5.5.31 |
apache tomcat 5.5.32 |
apache tomcat 5.5.33 |
apache tomcat 5.5.34 |
apache tomcat 5.5.35 |
apache tomcat 6.0 |
apache tomcat 6.0.0 |
apache tomcat 6.0.1 |
apache tomcat 6.0.2 |
apache tomcat 6.0.3 |
apache tomcat 6.0.4 |
apache tomcat 6.0.5 |
apache tomcat 6.0.6 |
apache tomcat 6.0.7 |
apache tomcat 6.0.8 |
apache tomcat 6.0.9 |
apache tomcat 6.0.10 |
apache tomcat 6.0.11 |
apache tomcat 6.0.12 |
apache tomcat 6.0.13 |
apache tomcat 6.0.14 |
apache tomcat 6.0.15 |
apache tomcat 6.0.16 |
apache tomcat 6.0.17 |
apache tomcat 6.0.18 |
apache tomcat 6.0.19 |
apache tomcat 6.0.20 |
apache tomcat 6.0.24 |
apache tomcat 6.0.26 |
apache tomcat 6.0.27 |
apache tomcat 6.0.28 |
apache tomcat 6.0.29 |
apache tomcat 6.0.30 |
apache tomcat 6.0.31 |
apache tomcat 6.0.32 |
apache tomcat 6.0.33 |
apache tomcat 6.0.35 |
apache tomcat 7.0.0 |
apache tomcat 7.0.1 |
apache tomcat 7.0.2 |
apache tomcat 7.0.3 |
apache tomcat 7.0.4 |
apache tomcat 7.0.5 |
apache tomcat 7.0.6 |
apache tomcat 7.0.7 |
apache tomcat 7.0.8 |
apache tomcat 7.0.9 |
apache tomcat 7.0.10 |
apache tomcat 7.0.11 |
apache tomcat 7.0.12 |
apache tomcat 7.0.13 |
apache tomcat 7.0.14 |
apache tomcat 7.0.15 |
apache tomcat 7.0.16 |
apache tomcat 7.0.17 |
apache tomcat 7.0.18 |
apache tomcat 7.0.19 |
apache tomcat 7.0.20 |
apache tomcat 7.0.21 |
apache tomcat 7.0.22 |
apache tomcat 7.0.23 |
apache tomcat 7.0.25 |
apache tomcat 7.0.28 |