The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

OSVersionArchitecturePackageVersionFilename
Debian9alltomcat7< 7.0.75-1tomcat7_7.0.75-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	all	tomcat7	< 7.0.75-1	tomcat7_7.0.75-1_all.deb

prion 5

github 5

veracode 2

cve 6

osv 7

ubuntucve 7

f5 1

securityvulns 5

nessus 54

debiancve 4

redhat 21

ibm 5

openvas 44

fedora 2

amazon 1

ubuntu 2

centos 4

suse 2

oraclelinux 5

tomcat 3

debian 2

vmware 2

gentoo 2

prion

Authentication flaw

2012-11-17 19:55:00

Authentication flaw

2012-01-14 21:55:00

Design/Logic Flaw

2012-01-14 21:55:00

github

Improper Access Control in Apache Tomcat

2022-05-17 00:57:35

Authentication Bypass in Apache Tomcat

2022-05-14 01:17:02

Use of Hard-coded Cryptographic Key in Apache Tomcat

2022-05-14 01:17:03

veracode

Authentication Bypass In The Replay-countermeasure Functionality

2019-01-15 09:00:03

Authentication Bypass By Sniffing Valid Network Requests

2019-01-15 08:51:25

cve

CVE-2012-5885

2012-11-17 19:55:00

CVE-2011-1184

2012-01-14 21:55:00

CVE-2011-5063

2012-01-14 21:55:00

osv

Improper Access Control in Apache Tomcat

2022-05-17 00:57:35

Authentication Bypass in Apache Tomcat

2022-05-14 01:17:02

Improper Authentication in Apache Tomcat

2022-05-14 01:17:03

ubuntucve

CVE-2012-5885

2012-11-17 00:00:00

CVE-2011-1184

2011-09-26 00:00:00

CVE-2011-5062

2012-01-14 00:00:00

K54891070 : Tomcat vulnerabilities CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887

2017-10-11 00:00:00

securityvulns

[SECURITY] CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication

2011-09-26 00:00:00

Apache Tomcat digest authentication vulnerabilities

2011-09-26 00:00:00

Apache Tomcat multiple security vulnerabilities

2012-11-26 00:00:00

nessus

Fedora 15 : tomcat6-6.0.32-10.fc15 (2011-15005)

2011-11-14 00:00:00

Fedora 16 : tomcat6-6.0.35-1.fc16 (2012-7593)

2012-08-10 00:00:00

Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat3)

2015-01-19 00:00:00

debiancve

CVE-2011-1184

2012-01-14 21:55:00

CVE-2011-5064

2012-01-14 21:55:00

CVE-2011-5062

2012-01-14 21:55:00

redhat

(RHSA-2013:0632) Moderate: jbossweb security update

2013-03-11 00:00:00

(RHSA-2013:0631) Moderate: jbossweb security update

2013-03-11 00:00:00

(RHSA-2013:0629) Moderate: jbossweb security update

2013-03-11 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities in Rational Collaborative Lifecycle Management 4.0.1 (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887)

2021-04-28 18:35:50

Security Bulletin: Storwize V7000 Unified V1.3.2.3 and V1.4.0.0 Include Fixes for Multiple Vendor Security Vulnerabilities

2022-09-26 04:23:14

Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator

2021-10-06 14:56:49

openvas

Apache Tomcat Multiple Security Bypass Vulnerabilities (Windows)

2012-11-27 00:00:00

Amazon Linux: Security Advisory (ALAS-2011-25)

2015-09-08 00:00:00

Fedora Update for tomcat6 FEDORA-2012-7593

2012-08-14 00:00:00

fedora

[SECURITY] Fedora 16 Update: tomcat6-6.0.35-1.fc16

2012-08-09 23:11:34

[SECURITY] Fedora 15 Update: tomcat6-6.0.32-10.fc15

2011-11-10 17:33:27

amazon

Important: tomcat6

2011-12-02 22:21:00

ubuntu

Tomcat vulnerabilities

2012-11-21 00:00:00

Tomcat vulnerabilities

2011-11-08 00:00:00

centos

tomcat5 security update

2013-03-12 19:14:34

tomcat6 security update

2013-03-12 05:31:44

tomcat6 security update

2011-12-22 16:00:12

suse

Security update for tomcat6 (important)

2012-02-07 04:08:27

tomcat6: Fix multiple weaknesses in HTTP DIGESTS (important)

2012-02-09 19:09:55

oraclelinux

tomcat5 security update

2013-03-12 00:00:00

tomcat6 security update

2013-03-11 00:00:00

tomcat5 security update

2012-04-11 00:00:00

tomcat

Fixed in Apache Tomcat 7.0.12

2011-04-06 00:00:00

Fixed in Apache Tomcat 6.0.33

2011-08-18 00:00:00

Fixed in Apache Tomcat 5.5.34

2011-09-22 00:00:00

debian

[SECURITY] [DSA 2725-1] tomcat6 security update

2013-07-18 17:58:50

[SECURITY] [DSA 2401-1] tomcat6 security update

2012-02-02 19:29:50

vmware

VMware security updates for vCenter Server

2013-04-25 00:00:00

VMware security updates for vCenter Server

2013-04-25 00:00:00

gentoo

Apache Tomcat: Multiple vulnerabilities

2014-12-15 00:00:00

Apache Tomcat: Multiple vulnerabilities

2012-06-24 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Related for DEBIANCVE:CVE-2012-5885