tomcat: three DIGEST authentication implementation issues

🗓️ 12 Mar 2013 17:57:00Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 4 Views

Tomcat Digest Access Authentication fails to validate stale nonces, enabling remote bypass by sniffing traffic.

Reporter	Title	Published	Views	Family All 119
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	16 Jun 202221:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Rational Collaborative Lifecycle Management 4.0.1 (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887)	28 Apr 202118:35	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator	6 Oct 202114:56	–	ibm
Tenable Nessus	Apache Tomcat 7.0.x < 7.0.30 DIGEST Authentication Multiple Security Weaknesses	26 Nov 201200:00	–	nessus
Tenable Nessus	Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities	26 Nov 201200:00	–	nessus
Tenable Nessus	CentOS 6 : tomcat6 (CESA-2013:0623)	13 Mar 201300:00	–	nessus
Tenable Nessus	CentOS 5 : tomcat5 (CESA-2013:0640)	14 Mar 201300:00	–	nessus
Tenable Nessus	CentOS 6 : tomcat6 (CESA-2013:0869)	30 May 201300:00	–	nessus
Tenable Nessus	Debian DSA-2725-1 : tomcat6 - several vulnerabilities	19 Jul 201300:00	–	nessus
Tenable Nessus	Fedora 16 : tomcat-7.0.33-1.fc16 (2012-20151)	20 Dec 201200:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	5	i386	tomcat5	0:5.5.23-0jpp.38.el5_9	tomcat5-0:5.5.23-0jpp.38.el5_9.i386.rpm
Red Hat Enterprise Linux	5	ia64	tomcat5	0:5.5.23-0jpp.38.el5_9	tomcat5-0:5.5.23-0jpp.38.el5_9.ia64.rpm
Red Hat Enterprise Linux	5	ppc	tomcat5	0:5.5.23-0jpp.38.el5_9	tomcat5-0:5.5.23-0jpp.38.el5_9.ppc.rpm
Red Hat Enterprise Linux	5	ppc64	tomcat5	0:5.5.23-0jpp.38.el5_9	tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64.rpm
Red Hat Enterprise Linux	5	s390x	tomcat5	0:5.5.23-0jpp.38.el5_9	tomcat5-0:5.5.23-0jpp.38.el5_9.s390x.rpm
Red Hat Enterprise Linux	5	x86_64	tomcat5	0:5.5.23-0jpp.38.el5_9	tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64.rpm
Red Hat Enterprise Linux	5	i386	tomcat5-admin-webapps	0:5.5.23-0jpp.38.el5_9	tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386.rpm
Red Hat Enterprise Linux	5	ia64	tomcat5-admin-webapps	0:5.5.23-0jpp.38.el5_9	tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64.rpm
Red Hat Enterprise Linux	5	ppc	tomcat5-admin-webapps	0:5.5.23-0jpp.38.el5_9	tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc.rpm
Red Hat Enterprise Linux	5	s390x	tomcat5-admin-webapps	0:5.5.23-0jpp.38.el5_9	tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2012-5887
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2012-5887
cve	www.cve.org/CVERecord

14 May 2026 22:16Current

7.3High risk

Vulners AI Score7.3

CVSS 25

EPSS0.00895

tomcat digest authentication stale nonce nonce validation remote bypass sniffing traffic five point five six point zero seven point zero unix