← Retour aux CVEs
CVE-2012-5887
N/ADescription
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
Details CVE
Score CVSS v3.1N/A
Publie11/17/2012
Derniere modification10/30/2025
Sourcenvd
Observations honeypot0
Produits affectes
apache:tomcat
Faiblesses (CWE)
CWE-287
References
http://rhn.redhat.com/errata/RHSA-2013-0623.html(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0629.html(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0631.html(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0632.html(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0633.html(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0640.html(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0647.html(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0648.html(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2013-0726.html(cve@mitre.org)
http://secunia.com/advisories/51371(cve@mitre.org)
http://svn.apache.org/viewvc?view=revision&revision=1377807(cve@mitre.org)
http://svn.apache.org/viewvc?view=revision&revision=1380829(cve@mitre.org)
http://svn.apache.org/viewvc?view=revision&revision=1392248(cve@mitre.org)
http://tomcat.apache.org/security-5.html(cve@mitre.org)
http://tomcat.apache.org/security-6.html(cve@mitre.org)
http://tomcat.apache.org/security-7.html(cve@mitre.org)
http://www-01.ibm.com/support/docview.wss?uid=swg21626891(cve@mitre.org)
http://www.securityfocus.com/bid/56403(cve@mitre.org)
http://www.ubuntu.com/usn/USN-1637-1(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79809(cve@mitre.org)
http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0623.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0629.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0631.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0632.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0633.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0640.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0647.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0648.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0726.html(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/51371(af854a3a-2127-422b-91ae-364da2661108)
http://svn.apache.org/viewvc?view=revision&revision=1377807(af854a3a-2127-422b-91ae-364da2661108)
http://svn.apache.org/viewvc?view=revision&revision=1380829(af854a3a-2127-422b-91ae-364da2661108)
http://svn.apache.org/viewvc?view=revision&revision=1392248(af854a3a-2127-422b-91ae-364da2661108)
http://tomcat.apache.org/security-5.html(af854a3a-2127-422b-91ae-364da2661108)
http://tomcat.apache.org/security-6.html(af854a3a-2127-422b-91ae-364da2661108)
http://tomcat.apache.org/security-7.html(af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg21626891(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/56403(af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-1637-1(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79809(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.