The host is installed with Apache Tomcat 5.5.x before 5.5.34 or 6.x before 6.0.33 or 7.x before 7.0.12 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to check qop values. Successful exploitation allows remote attackers to bypass intended integrity-protection requirements.