5

CVE-2012-5887

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Version >= 5.5.0 < 5.5.36
ApacheTomcat Version >= 6.0.0 < 6.0.36
ApacheTomcat Version >= 7.0.0 < 7.0.30
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.1% 0.956
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://tomcat.apache.org/security-5.html
Vendor Advisory
http://tomcat.apache.org/security-6.html
Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
Third Party Advisory
http://tomcat.apache.org/security-7.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0726.html
Third Party Advisory
http://secunia.com/advisories/51371
Broken Link
http://www.ubuntu.com/usn/USN-1637-1
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0623.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0629.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0631.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0632.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0633.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0640.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0647.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0648.html
Third Party Advisory
http://svn.apache.org/viewvc?view=revision&revision=1377807
Permissions Required
http://svn.apache.org/viewvc?view=revision&revision=1380829
Permissions Required
http://svn.apache.org/viewvc?view=revision&revision=1392248
Permissions Required
http://www-01.ibm.com/support/docview.wss?uid=swg21626891
Third Party Advisory
http://www.securityfocus.com/bid/56403
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/79809
Third Party Advisory
VDB Entry