The host is installed with Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, or 7.x before 7.0.30 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to properly check for stale nonce values in conjunction with enforcement of proper credentials in the HTTP Digest Access Authentication implementation. Successful exploitation allows remote attackers to bypass intended access restrictions by sniffing the network for valid requests.