← Zuruck zu CVEs
CVE-2012-5887
N/ABeschreibung
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht11/17/2012
Zuletzt geandert10/30/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
apache:tomcat
Schwachen (CWE)
CWE-287
Referenzen
http://rhn.redhat.com/errata/RHSA-2013-0623.html(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0629.html(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0631.html(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0632.html(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0633.html(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0640.html(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0647.html(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0648.html(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0726.html(cve@mitre.org)
http://secunia.com/advisories/51371(cve@mitre.org)
http://svn.apache.org/viewvc?view=revision&revision=1377807(cve@mitre.org)
http://svn.apache.org/viewvc?view=revision&revision=1380829(cve@mitre.org)
http://svn.apache.org/viewvc?view=revision&revision=1392248(cve@mitre.org)
http://tomcat.apache.org/security-5.html(cve@mitre.org)
http://tomcat.apache.org/security-6.html(cve@mitre.org)
http://tomcat.apache.org/security-7.html(cve@mitre.org)
http://www-01.ibm.com/support/docview.wss?uid=swg21626891(cve@mitre.org)
http://www.securityfocus.com/bid/56403(cve@mitre.org)
http://www.ubuntu.com/usn/USN-1637-1(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79809(cve@mitre.org)
http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0623.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0629.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0631.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0632.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0633.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0640.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0647.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0648.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0726.html(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/51371(af854a3a-2127-422b-91ae-364da2661108)
http://svn.apache.org/viewvc?view=revision&revision=1377807(af854a3a-2127-422b-91ae-364da2661108)
http://svn.apache.org/viewvc?view=revision&revision=1380829(af854a3a-2127-422b-91ae-364da2661108)
http://svn.apache.org/viewvc?view=revision&revision=1392248(af854a3a-2127-422b-91ae-364da2661108)
http://tomcat.apache.org/security-5.html(af854a3a-2127-422b-91ae-364da2661108)
http://tomcat.apache.org/security-6.html(af854a3a-2127-422b-91ae-364da2661108)
http://tomcat.apache.org/security-7.html(af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg21626891(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/56403(af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-1637-1(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79809(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.