Lucene search

K
cveMitreCVE-2012-5887
HistoryNov 17, 2012 - 7:55 p.m.

CVE-2012-5887

2012-11-1719:55:02
CWE-287
mitre
web.nvd.nist.gov
90
apache tomcat
http
digest
access authentication
implementation
vulnerability
cve-2012-5887
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.003

Percentile

71.6%

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

Affected configurations

Nvd
Node
apachetomcatMatch5.5.0
OR
apachetomcatMatch5.5.1
OR
apachetomcatMatch5.5.2
OR
apachetomcatMatch5.5.3
OR
apachetomcatMatch5.5.4
OR
apachetomcatMatch5.5.5
OR
apachetomcatMatch5.5.6
OR
apachetomcatMatch5.5.7
OR
apachetomcatMatch5.5.8
OR
apachetomcatMatch5.5.9
OR
apachetomcatMatch5.5.10
OR
apachetomcatMatch5.5.11
OR
apachetomcatMatch5.5.12
OR
apachetomcatMatch5.5.13
OR
apachetomcatMatch5.5.14
OR
apachetomcatMatch5.5.15
OR
apachetomcatMatch5.5.16
OR
apachetomcatMatch5.5.17
OR
apachetomcatMatch5.5.18
OR
apachetomcatMatch5.5.19
OR
apachetomcatMatch5.5.20
OR
apachetomcatMatch5.5.21
OR
apachetomcatMatch5.5.22
OR
apachetomcatMatch5.5.23
OR
apachetomcatMatch5.5.24
OR
apachetomcatMatch5.5.25
OR
apachetomcatMatch5.5.26
OR
apachetomcatMatch5.5.27
OR
apachetomcatMatch5.5.28
OR
apachetomcatMatch5.5.29
OR
apachetomcatMatch5.5.30
OR
apachetomcatMatch5.5.31
OR
apachetomcatMatch5.5.32
OR
apachetomcatMatch5.5.33
OR
apachetomcatMatch5.5.34
OR
apachetomcatMatch5.5.35
Node
apachetomcatMatch6.0
OR
apachetomcatMatch6.0.0
OR
apachetomcatMatch6.0.0alpha
OR
apachetomcatMatch6.0.1
OR
apachetomcatMatch6.0.1alpha
OR
apachetomcatMatch6.0.2
OR
apachetomcatMatch6.0.2alpha
OR
apachetomcatMatch6.0.2beta
OR
apachetomcatMatch6.0.3
OR
apachetomcatMatch6.0.4
OR
apachetomcatMatch6.0.4alpha
OR
apachetomcatMatch6.0.5
OR
apachetomcatMatch6.0.6
OR
apachetomcatMatch6.0.6alpha
OR
apachetomcatMatch6.0.7
OR
apachetomcatMatch6.0.7alpha
OR
apachetomcatMatch6.0.7beta
OR
apachetomcatMatch6.0.8
OR
apachetomcatMatch6.0.8alpha
OR
apachetomcatMatch6.0.9
OR
apachetomcatMatch6.0.9beta
OR
apachetomcatMatch6.0.10
OR
apachetomcatMatch6.0.11
OR
apachetomcatMatch6.0.12
OR
apachetomcatMatch6.0.13
OR
apachetomcatMatch6.0.14
OR
apachetomcatMatch6.0.15
OR
apachetomcatMatch6.0.16
OR
apachetomcatMatch6.0.17
OR
apachetomcatMatch6.0.18
OR
apachetomcatMatch6.0.19
OR
apachetomcatMatch6.0.20
OR
apachetomcatMatch6.0.24
OR
apachetomcatMatch6.0.26
OR
apachetomcatMatch6.0.27
OR
apachetomcatMatch6.0.28
OR
apachetomcatMatch6.0.29
OR
apachetomcatMatch6.0.30
OR
apachetomcatMatch6.0.31
OR
apachetomcatMatch6.0.32
OR
apachetomcatMatch6.0.33
OR
apachetomcatMatch6.0.35
Node
apachetomcatMatch7.0.0
OR
apachetomcatMatch7.0.0beta
OR
apachetomcatMatch7.0.1
OR
apachetomcatMatch7.0.2
OR
apachetomcatMatch7.0.2beta
OR
apachetomcatMatch7.0.3
OR
apachetomcatMatch7.0.4
OR
apachetomcatMatch7.0.4beta
OR
apachetomcatMatch7.0.5
OR
apachetomcatMatch7.0.6
OR
apachetomcatMatch7.0.7
OR
apachetomcatMatch7.0.8
OR
apachetomcatMatch7.0.9
OR
apachetomcatMatch7.0.10
OR
apachetomcatMatch7.0.11
OR
apachetomcatMatch7.0.12
OR
apachetomcatMatch7.0.13
OR
apachetomcatMatch7.0.14
OR
apachetomcatMatch7.0.15
OR
apachetomcatMatch7.0.16
OR
apachetomcatMatch7.0.17
OR
apachetomcatMatch7.0.18
OR
apachetomcatMatch7.0.19
OR
apachetomcatMatch7.0.20
OR
apachetomcatMatch7.0.21
OR
apachetomcatMatch7.0.22
OR
apachetomcatMatch7.0.23
OR
apachetomcatMatch7.0.25
OR
apachetomcatMatch7.0.28
VendorProductVersionCPE
apachetomcat5.5.0cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
apachetomcat5.5.1cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*
apachetomcat5.5.2cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*
apachetomcat5.5.3cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*
apachetomcat5.5.4cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*
apachetomcat5.5.5cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
apachetomcat5.5.6cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
apachetomcat5.5.7cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
apachetomcat5.5.8cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
apachetomcat5.5.9cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
Rows per page:
1-10 of 1071

References

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.003

Percentile

71.6%