CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
71.6%
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
Vendor | Product | Version | CPE |
---|---|---|---|
apache | tomcat | 5.5.0 | cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:* |
apache | tomcat | 5.5.1 | cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:* |
apache | tomcat | 5.5.2 | cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:* |
apache | tomcat | 5.5.3 | cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:* |
apache | tomcat | 5.5.4 | cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:* |
apache | tomcat | 5.5.5 | cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:* |
apache | tomcat | 5.5.6 | cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:* |
apache | tomcat | 5.5.7 | cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:* |
apache | tomcat | 5.5.8 | cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:* |
apache | tomcat | 5.5.9 | cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:* |
lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
rhn.redhat.com/errata/RHSA-2013-0623.html
rhn.redhat.com/errata/RHSA-2013-0629.html
rhn.redhat.com/errata/RHSA-2013-0631.html
rhn.redhat.com/errata/RHSA-2013-0632.html
rhn.redhat.com/errata/RHSA-2013-0633.html
rhn.redhat.com/errata/RHSA-2013-0640.html
rhn.redhat.com/errata/RHSA-2013-0647.html
rhn.redhat.com/errata/RHSA-2013-0648.html
rhn.redhat.com/errata/RHSA-2013-0726.html
secunia.com/advisories/51371
svn.apache.org/viewvc?view=revision&revision=1377807
svn.apache.org/viewvc?view=revision&revision=1380829
svn.apache.org/viewvc?view=revision&revision=1392248
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
www-01.ibm.com/support/docview.wss?uid=swg21626891
www.securityfocus.com/bid/56403
www.ubuntu.com/usn/USN-1637-1
exchange.xforce.ibmcloud.com/vulnerabilities/79809