Detections
Analytics
CVE-2012-5886
medium
Description
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/80407
http://www.ubuntu.com/usn/USN-1637-1
http://www.securityfocus.com/bid/56403
http://www-01.ibm.com/support/docview.wss?uid=swg21626891
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html
http://svn.apache.org/viewvc?view=revision&revision=1392248
http://svn.apache.org/viewvc?view=revision&revision=1380829
http://svn.apache.org/viewvc?view=revision&revision=1377807
http://secunia.com/advisories/51371
http://rhn.redhat.com/errata/RHSA-2013-0726.html
http://rhn.redhat.com/errata/RHSA-2013-0648.html
http://rhn.redhat.com/errata/RHSA-2013-0647.html
http://rhn.redhat.com/errata/RHSA-2013-0640.html
http://rhn.redhat.com/errata/RHSA-2013-0633.html
http://rhn.redhat.com/errata/RHSA-2013-0632.html
http://rhn.redhat.com/errata/RHSA-2013-0631.html
http://rhn.redhat.com/errata/RHSA-2013-0629.html
http://rhn.redhat.com/errata/RHSA-2013-0623.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html