CVE-2012-5886: Improper Authentication in Apache Tomcat

Severity: 5.0 MEDIUM (NVD)
EPSS: 0.6% (top 31.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 17
Latest update: May 17

Description

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/tomcat, 94 versions (+93)

🔴 Vulnerability Details (3)

OSV: Improper Authentication in Apache Tomcat (2022-05-17)
GHSA: Improper Authentication in Apache Tomcat (2022-05-17)
CVEList: CVE-2012-5886: The HTTP Digest Access Authentication implementation in Apache Tomcat 5 (2012-11-17)

📋 Vendor Advisories (3)

Ubuntu: Tomcat vulnerabilities (2012-11-21)
Red Hat: tomcat: three DIGEST authentication implementation issues (2012-11-05)
Red Hat: Rejected: (2012-11-05)

💬 Community (4)

Bugzilla: CVE-2012-3439 Rejected: CVE-2012-3439 (2015-10-28)
Bugzilla: CVE-2012-5885 CVE-2012-5886 CVE-2012-5587 CVE-2012-2733 tomcat various flaws [fedora-16] (2012-11-06)
Bugzilla: CVE-2012-5885 CVE-2012-5886 CVE-2012-5587 tomcat5: Three weaknesses in the DIGEST authentication implementation [fedora-16] (2012-11-06)
Bugzilla: CVE-2012-5885 CVE-2012-5886 CVE-2012-5587 CVE-2012-2733 tomcat6 various flaws [fedora-all] (2012-11-06)