5

CVSS Score

Basic Information

CVE ID

CVE-2011-1184

GHSA ID

GHSA-q9xf-jwr4-v445

EPSS Score

0.89525%

CWE

Published

5/14/2022

Updated

2/21/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2011-1184

CVE-2011-1184: Authentication Bypass in Apache Tomcat

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.

(GitHub Advisory)

5

CVSS Score

Basic Information

CVE ID

CVE-2011-1184

GHSA ID

GHSA-q9xf-jwr4-v445

EPSS Score

0.89525%

CWE

Published

5/14/2022

Updated

2/21/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.tomcat:tomcat	maven	>= 5.5.0, < 5.5.34	5.5.34
org.apache.tomcat:tomcat	maven	>= 6.0.0, < 6.0.33	6.0.33
org.apache.tomcat:tomcat	maven	>= 7.0.0, < 7.0.12	7.0.12

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from missing replay attack protections in Digest authentication. The commit diff shows:

findPrincipal() was completely removed and replaced with DigestInfo validation logic that adds nonce expiration checks and nc validation
generateNOnce() was modified to include timestamps in nonce generation (renamed to generateNonce), indicating the original version lacked time-based validity checks
The patch introduced client nonce tracking (cnonces map) and qop validation - features absent in the original code These functions directly handled the cryptographic parameters that were insufficiently validated, making them root causes of the replay vulnerability

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** *TTP *i**st ****ss *ut**nti**tion impl*m*nt*tion in *p**** Tom**t *.*.x ***or* *.*.**, *.x ***or* *.*.**, *n* *.x ***or* *.*.** *o*s not **v* t** *xp**t** *ount*rm**sur*s ***inst r*pl*y *tt**ks, w*i** m*k*s it **si*r *or r*mot* *tt**k*rs to *yp*s

Reasoning

T** vuln*r**ility st*mm** *rom missin* r*pl*y *tt**k prot**tions in *i**st *ut**nti**tion. T** *ommit *i** s*ows: *. *in*Prin*ip*l() w*s *ompl*t*ly r*mov** *n* r*pl**** wit* *i**stIn*o v*li**tion lo*i* t**t ***s non** *xpir*tion ****ks *n* n* v*li**t

5

Basic Information

Concerned about an active attack path?

CVE-2011-1184: Authentication Bypass in Apache Tomcat

5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI