CVE-2012-5887
published 2012-11-17CVE-2012-5887: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for…
PriorityP337medium5CVSS 2.0
AVNACLAuNCNIPAN
EPSS
12.10%
95.6th percentile
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | >= 5.5.0 < 5.5.36 | 5.5.36 |
| apache | tomcat | >= 6.0.0 < 6.0.36 | 6.0.36 |
| apache | tomcat | >= 7.0.0 < 7.0.30 | 7.0.30 |
| redhat | enterprise_linux | — | — |
| vmware | esxi | — | — |
| vmware | vcenter_server | — | — |
| vmware | vmware_vsphere | — | — |
| vmware | vmware_workstation | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
vendor_redhat5.0MEDIUM
vendor_ubuntu5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
tomcat: DIGEST authentication vulnerable to replay attacks
vendor_redhat·2013-05-28·CVSS 5.0
CVE-2013-2051 [MEDIUM] tomcat: DIGEST authentication vulnerable to replay attacks
tomcat: DIGEST authentication vulnerable to replay attacks
The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887.
VMware
VMware security updates for vCenter Server
vendor_vmware·2013-04-25·CVSS 7.2
CVE-2012-2337 [HIGH] VMware security updates for vCenter Server
VMSA-2013-0006: VMware security updates for vCenter Server
a. vCenter Server AD anonymous LDAP binding credential by-pass vCenter Server when deployed in an environment that uses Active Directory (AD) with anonymous LDAP binding enabled doesn't properly handle login credentials. In this environment, authenticating to vCenter Server with a valid user name and a blank password may be successful even if a non-blank password is required for the account. The issue is present on vCenter Server 5.1, 5.1a and 5.1b if AD anonymous LDAP binding is enabled. The issue is addressed in vCenter Server 5.1 Update 1 by removing the possibility to authenticate using blank passwords. This change in the authentication mechanism is present regardless if anonymous binding is enabled or not.
CVEs: CVE-2012-233
Ubuntu
Tomcat vulnerabilities
vendor_ubuntu·2012-11-21·CVSS 5.0
CVE-2012-2733 [MEDIUM] Tomcat vulnerabilities
Title: Tomcat vulnerabilities
Summary: Several security issues were fixed in Apache Tomcat.
It was discovered that the Apache Tomcat HTTP NIO connector incorrectly
handled header data. A remote attacker could cause a denial of service by
sending requests with a large amount of header data. (CVE-2012-2733)
It was discovered that Apache Tomcat incorrectly handled DIGEST
authentication. A remote attacker could possibly use these flaws to perform
a replay attack and bypass authentication. (CVE-2012-5885, CVE-2012-5886,
CVE-2012-5887)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
Rejected:
vendor_redhat·2012-11-05·CVSS 5.0
CVE-2012-3439 [MEDIUM] Rejected:
Rejected:
No description is available for this CVE.
Statement: CVE-2012-3439 has been rejected. Please see CVE-2012-5885, CVE-2012-5886, or CVE-2012-5887 instead.
Red Hat
tomcat: three DIGEST authentication implementation issues
vendor_redhat·2012-11-05·CVSS 5.0
CVE-2012-5887 [MEDIUM] tomcat: three DIGEST authentication implementation issues
tomcat: three DIGEST authentication implementation issues
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
Package: jbossweb (Red Hat JBoss BRMS 5) - Affected
Package: jbossweb (Red Hat JBoss Data Grid 6) - Affected
Package: tomcat7 (Red Hat JBoss Enterprise Web Server 2) - Not affected
Package: jbossweb (Red Hat JBoss Operations Network 3.1) - Not affected
Package: jbossweb (Red Hat JBoss Portal 5) - Will not fix
Package: jbossweb (Red Hat JBoss SOA Platform 5) - Affected
GHSA
Improper Authentication in Apache Tomcat
ghsa·2022-05-17
CVE-2012-5887 [MEDIUM] CWE-287 Improper Authentication in Apache Tomcat
Improper Authentication in Apache Tomcat
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
OSV
Improper Authentication in Apache Tomcat
osv·2022-05-17
CVE-2012-5887 [MEDIUM] Improper Authentication in Apache Tomcat
Improper Authentication in Apache Tomcat
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
GHSA
GHSA-gf84-qmh9-28vw: The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions
ghsa_unreviewed·2022-05-14·CVSS 5.0
CVE-2013-2051 [MEDIUM] GHSA-gf84-qmh9-28vw: The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions
The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-3439 Rejected: CVE-2012-3439
bugzilla·2015-10-28·CVSS 5.0
CVE-2012-3439 [MEDIUM] CVE-2012-3439 Rejected: CVE-2012-3439
CVE-2012-3439 Rejected: CVE-2012-3439
Statement:
CVE-2012-3439 has been rejected. Please see CVE-2012-5885, CVE-2012-5886, or CVE-2012-5887 instead.
Discussion:
*** This bug has been marked as a duplicate of bug 873664 ***
Bugzilla
CVE-2013-2051 tomcat: DIGEST authentication vulnerable to replay attacks
bugzilla·2013-05-03·CVSS 5.0
CVE-2013-2051 [MEDIUM] CVE-2013-2051 tomcat: DIGEST authentication vulnerable to replay attacks
CVE-2013-2051 tomcat: DIGEST authentication vulnerable to replay attacks
It was found that the fix for CVE-2012-5887 shipped for tomcat 6 on Red Hat Enterprise Linux 6 (RHSA-2013:0623) was incomplete. The fix only allowed DIGEST authentication to succeed when a stale nonce was provided, rather than when a stale nonce was NOT provided. As a result, DIGEST authentication did not function. However, a man-in-the-middle attacker could record a DIGEST authentication exchange, wait until the associated nonce is marked as stale on the server, then successfully replay this request.
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0869 https://rhn.redhat.com/errata/RHSA-2013-0869.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.htmlhttp://lists.opensuse.org/opensuse-updates/2012-12/msg00090.htmlhttp://lists.opensuse.org/opensuse-updates/2013-01/msg00037.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0623.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0629.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0631.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0632.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0633.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0640.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0647.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0648.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0726.htmlhttp://secunia.com/advisories/51371http://svn.apache.org/viewvc?view=revision&revision=1377807http://svn.apache.org/viewvc?view=revision&revision=1380829http://svn.apache.org/viewvc?view=revision&revision=1392248http://tomcat.apache.org/security-5.htmlhttp://tomcat.apache.org/security-6.htmlhttp://tomcat.apache.org/security-7.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21626891http://www.securityfocus.com/bid/56403http://www.ubuntu.com/usn/USN-1637-1https://exchange.xforce.ibmcloud.com/vulnerabilities/79809http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.htmlhttp://lists.opensuse.org/opensuse-updates/2012-12/msg00090.htmlhttp://lists.opensuse.org/opensuse-updates/2013-01/msg00037.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0623.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0629.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0631.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0632.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0633.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0640.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0647.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0648.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0726.htmlhttp://secunia.com/advisories/51371http://svn.apache.org/viewvc?view=revision&revision=1377807http://svn.apache.org/viewvc?view=revision&revision=1380829http://svn.apache.org/viewvc?view=revision&revision=1392248http://tomcat.apache.org/security-5.htmlhttp://tomcat.apache.org/security-6.htmlhttp://tomcat.apache.org/security-7.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21626891http://www.securityfocus.com/bid/56403http://www.ubuntu.com/usn/USN-1637-1https://exchange.xforce.ibmcloud.com/vulnerabilities/79809
2012-11-17
Published