5
CVE-2012-5887
- EPSS 12.1%
- Veröffentlicht 17.11.2012 19:55:02
- Zuletzt bearbeitet 16.06.2026 23:47:31
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 12.1% | 0.956 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
http://tomcat.apache.org/security-7.html
http://rhn.redhat.com/errata/RHSA-2013-0726.html
http://secunia.com/advisories/51371
http://www.ubuntu.com/usn/USN-1637-1
http://rhn.redhat.com/errata/RHSA-2013-0623.html
http://rhn.redhat.com/errata/RHSA-2013-0629.html
http://rhn.redhat.com/errata/RHSA-2013-0631.html
http://rhn.redhat.com/errata/RHSA-2013-0632.html
http://rhn.redhat.com/errata/RHSA-2013-0633.html
http://rhn.redhat.com/errata/RHSA-2013-0640.html
http://rhn.redhat.com/errata/RHSA-2013-0647.html
http://rhn.redhat.com/errata/RHSA-2013-0648.html
http://svn.apache.org/viewvc?view=revision&revision=1377807
http://svn.apache.org/viewvc?view=revision&revision=1380829
http://svn.apache.org/viewvc?view=revision&revision=1392248
http://www-01.ibm.com/support/docview.wss?uid=swg21626891
http://www.securityfocus.com/bid/56403
https://exchange.xforce.ibmcloud.com/vulnerabilities/79809