5

CVE-2012-5887

EPSS 1.2%
Veröffentlicht 17.11.2012 19:55:02
Zuletzt bearbeitet 30.10.2025 15:49:33
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 26

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version >= 5.5.0 < 5.5.36

Apache ≫ Tomcat Version >= 6.0.0 < 6.0.36

Apache ≫ Tomcat Version >= 7.0.0 < 7.0.30

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.2%	0.783

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://tomcat.apache.org/security-5.html

Vendor Advisory

http://tomcat.apache.org/security-6.html

Vendor Advisory

http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html

Third Party Advisory

http://tomcat.apache.org/security-7.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-0726.html

Third Party Advisory

http://secunia.com/advisories/51371

Broken Link

http://www.ubuntu.com/usn/USN-1637-1

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0623.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0629.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0631.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0632.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0633.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0640.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0647.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0648.html

Third Party Advisory

http://svn.apache.org/viewvc?view=revision&revision=1377807

Permissions Required

http://svn.apache.org/viewvc?view=revision&revision=1380829

Permissions Required

http://svn.apache.org/viewvc?view=revision&revision=1392248

Permissions Required

http://www-01.ibm.com/support/docview.wss?uid=swg21626891

Third Party Advisory

http://www.securityfocus.com/bid/56403

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/79809

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2012-5887

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-5887

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-5887

EUVD