6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-30640

GHSA ID

GHSA-36qh-35cm-5w2w

EPSS Score

0.40087%

CWE

CWE-116

Published

8/13/2021

Updated

2/3/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-30640

CVE-2021-30640: Authentication Bypass by Alternate Name in Apache Tomcat

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-30640

GHSA ID

GHSA-36qh-35cm-5w2w

EPSS Score

0.40087%

CWE

CWE-116

Published

8/13/2021

Updated

2/3/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.tomcat:tomcat	maven	>= 10.0.0-M1, < 10.0.5	10.0.5
org.apache.tomcat:tomcat	maven	>= 9.0.0M1, < 9.0.45	9.0.45
org.apache.tomcat:tomcat	maven	>= 8.5.0, < 8.5.65	8.5.65

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

* vuln*r**ility in t** JN*I R**lm o* *p**** Tom**t *llows *n *tt**k*r to *ut**nti**t* usin* v*ri*tions o* * v*li* us*r n*m* *n*/or to *yp*ss som* o* t** prot**tion provi*** *y t** Lo*kOut R**lm. T*is issu* *****ts *p**** Tom**t **.*.*-M* to **.*.*; *

Reasoning

No *n*lysis *v*il**l*

6.5

Basic Information

Concerned about an active attack path?

CVE-2021-30640: Authentication Bypass by Alternate Name in Apache Tomcat

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI