CVE-2012-5887: Improper Authentication in Apache Tomcat

Severity
5.0 MEDIUM (NVD)
EPSS
0.9%
top 24.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 17
Latest update: May 17

Description

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/tomcat 5.5.0 5.5.36 +2

🔴 Vulnerability Details (3)

GHSA: Improper Authentication in Apache Tomcat (2022-05-17)
OSV: Improper Authentication in Apache Tomcat (2022-05-17)
CVEList: CVE-2012-5887: The HTTP Digest Access Authentication implementation in Apache Tomcat 5 (2012-11-17)

📋 Vendor Advisories (4)

Red Hat: tomcat: DIGEST authentication vulnerable to replay attacks (2013-05-28)
Ubuntu: Tomcat vulnerabilities (2012-11-21)
Red Hat: tomcat: three DIGEST authentication implementation issues (2012-11-05)
Red Hat: Rejected: (2012-11-05)

💬 Community (2)

Bugzilla: CVE-2012-3439 Rejected: CVE-2012-3439 (2015-10-28)
Bugzilla: CVE-2013-2051 tomcat: DIGEST authentication vulnerable to replay attacks (2013-05-03)