Detections
Analytics
CVE-2012-5887
medium
Description
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/79809
http://www.ubuntu.com/usn/USN-1637-1
http://www.securityfocus.com/bid/56403
http://www-01.ibm.com/support/docview.wss?uid=swg21626891
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html
http://svn.apache.org/viewvc?view=revision&revision=1392248
http://svn.apache.org/viewvc?view=revision&revision=1380829
http://svn.apache.org/viewvc?view=revision&revision=1377807
http://secunia.com/advisories/51371
http://rhn.redhat.com/errata/RHSA-2013-0726.html
http://rhn.redhat.com/errata/RHSA-2013-0648.html
http://rhn.redhat.com/errata/RHSA-2013-0647.html
http://rhn.redhat.com/errata/RHSA-2013-0640.html
http://rhn.redhat.com/errata/RHSA-2013-0633.html
http://rhn.redhat.com/errata/RHSA-2013-0632.html
http://rhn.redhat.com/errata/RHSA-2013-0631.html
http://rhn.redhat.com/errata/RHSA-2013-0629.html
http://rhn.redhat.com/errata/RHSA-2013-0623.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html