CVE-2012-5887
N/A
Description
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
CVE details
CVSS v3.1 score: N/A
Published: 11/17/2012
Last modified: 10/30/2025
Source: nvd
Honeypot sightings: 0
Affected products
apache:tomcat
Weaknesses (CWE)
CWE-287
References
http://rhn.redhat.com/errata/RHSA-2013-0623.html (cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0629.html (cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0631.html (cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0632.html (cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0633.html (cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0640.html (cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0647.html (cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0648.html (cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0726.html (cve@mitre.org)
http://secunia.com/advisories/51371 (cve@mitre.org)
http://svn.apache.org/viewvc?view=revision&revision=1377807 (cve@mitre.org)
http://svn.apache.org/viewvc?view=revision&revision=1380829 (cve@mitre.org)
http://svn.apache.org/viewvc?view=revision&revision=1392248 (cve@mitre.org)
http://tomcat.apache.org/security-5.html (cve@mitre.org)
http://tomcat.apache.org/security-6.html (cve@mitre.org)
http://tomcat.apache.org/security-7.html (cve@mitre.org)
http://www-01.ibm.com/support/docview.wss?uid=swg21626891 (cve@mitre.org)
http://www.securityfocus.com/bid/56403 (cve@mitre.org)
http://www.ubuntu.com/usn/USN-1637-1 (cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79809 (cve@mitre.org)
http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0623.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0629.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0631.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0632.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0633.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0640.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0647.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0648.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0726.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/51371 (af854a3a-2127-422b-91ae-364da2661108)
http://svn.apache.org/viewvc?view=revision&revision=1377807 (af854a3a-2127-422b-91ae-364da2661108)
http://svn.apache.org/viewvc?view=revision&revision=1380829 (af854a3a-2127-422b-91ae-364da2661108)
http://svn.apache.org/viewvc?view=revision&revision=1392248 (af854a3a-2127-422b-91ae-364da2661108)
http://tomcat.apache.org/security-5.html (af854a3a-2127-422b-91ae-364da2661108)
http://tomcat.apache.org/security-6.html (af854a3a-2127-422b-91ae-364da2661108)
http://tomcat.apache.org/security-7.html (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg21626891 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/56403 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-1637-1 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79809 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.