Vulnerability details: VCID-1v6c-f56v-hqh1
Vulnerability ID VCID-1v6c-f56v-hqh1
Aliases CVE-2011-5062, GHSA-4f7h-9j2x-cmr4
Summary The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
generic_textual MODERATE http://marc.info/?l=bugtraq&m=139344343412337&w=2
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2012:0074
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2012:0075
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2012:0076
epss 0.05319 https://api.first.org/data/v1/epss?cve=CVE-2011-5062
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-4f7h-9j2x-cmr4
generic_textual MODERATE https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat55/commit/644dfdf96cf82fcd2a2046d93f2b5495f7e94584
generic_textual MODERATE https://github.com/apache/tomcat/commit/639e20992a66d7a42fb59c974db91c8a0f730a1e
generic_textual MODERATE https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2011-5062
generic_textual MODERATE http://svn.apache.org/viewvc?view=rev&rev=1087655
generic_textual MODERATE http://svn.apache.org/viewvc?view=rev&rev=1158180
generic_textual MODERATE http://svn.apache.org/viewvc?view=rev&rev=1159309
generic_textual MODERATE https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126
generic_textual MODERATE http://tomcat.apache.org/security-5.html
generic_textual MODERATE http://tomcat.apache.org/security-6.html
generic_textual MODERATE http://tomcat.apache.org/security-7.html
generic_textual MODERATE http://www.debian.org/security/2012/dsa-2401
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://rhn.redhat.com/errata/RHSA-2012-0074.html
http://rhn.redhat.com/errata/RHSA-2012-0075.html
http://rhn.redhat.com/errata/RHSA-2012-0076.html
https://access.redhat.com/errata/RHSA-2012:0074
https://access.redhat.com/errata/RHSA-2012:0075
https://access.redhat.com/errata/RHSA-2012:0076
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5062.json
https://api.first.org/data/v1/epss?cve=CVE-2011-5062
http://secunia.com/advisories/57126
https://github.com/apache/tomcat
https://github.com/apache/tomcat55/commit/644dfdf96cf82fcd2a2046d93f2b5495f7e94584
https://github.com/apache/tomcat/commit/639e20992a66d7a42fb59c974db91c8a0f730a1e
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
http://svn.apache.org/viewvc?view=rev&rev=1087655
http://svn.apache.org/viewvc?view=rev&rev=1158180
http://svn.apache.org/viewvc?view=rev&rev=1159309
https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.debian.org/security/2012/dsa-2401
741401 https://bugzilla.redhat.com/show_bug.cgi?id=741401
CVE-2011-5062 https://nvd.nist.gov/vuln/detail/CVE-2011-5062
GHSA-4f7h-9j2x-cmr4 https://github.com/advisories/GHSA-4f7h-9j2x-cmr4
GLSA-201206-24 https://security.gentoo.org/glsa/201206-24
RHSA-2011:1780 https://access.redhat.com/errata/RHSA-2011:1780
RHSA-2012:0041 https://access.redhat.com/errata/RHSA-2012:0041
RHSA-2012:0077 https://access.redhat.com/errata/RHSA-2012:0077
RHSA-2012:0078 https://access.redhat.com/errata/RHSA-2012:0078
RHSA-2012:0091 https://access.redhat.com/errata/RHSA-2012:0091
RHSA-2012:0325 https://access.redhat.com/errata/RHSA-2012:0325
RHSA-2012:0679 https://access.redhat.com/errata/RHSA-2012:0679
RHSA-2012:0680 https://access.redhat.com/errata/RHSA-2012:0680
RHSA-2012:0681 https://access.redhat.com/errata/RHSA-2012:0681
RHSA-2012:0682 https://access.redhat.com/errata/RHSA-2012:0682
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.89998
EPSS Score 0.05319
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:15.922968+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 38.0.0