Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
tomcatApache TomcatTOMCAT:86F4A891B6EAC74A73C41E9C1370EA3F
HistoryOct 10, 2012 - 12:00 a.m.

Fixed in Apache Tomcat 5.5.36

2012-10-1000:00:00
Apache Tomcat
tomcat.apache.org
17
JSON

Moderate: DIGEST authentication weakness CVE-2012-3439

Three weaknesses in Tomcatโ€™s implementation of DIGEST authentication were identified and resolved:

  1. Tomcat tracked client rather than server nonces and nonce count.
  2. When a session ID was present, authentication was bypassed.
  3. The user name and password were not checked before when indicating that a nonce was stale.

These issues reduced the security of DIGEST authentication making replay attacks possible in some circumstances.

This was fixed in revision 1392248.

The first issue was reported by Tilmann Kuhn to the Tomcat security team on 19 July 2012. The second and third issues were discovered by the Tomcat security team during the resulting code review. All three issues were made public on 5 November 2012.

Affects: 5.5.0-5.5.35

CPENameOperatorVersion
apache tomcatge5.5.0
apache tomcatle5.5.35

Related

freebsd 1
seebug 1
ubuntucve 3
oraclelinux 3
atlassian 6
tomcat 2
cve 1
fedora 1
openvas 5
securityvulns 1
osv 2
debian 1
freebsd
freebsd
tomcat -- authentication weaknesses
2012-11-05 00:00:00
seebug
seebug
Apache Tomcat DIGEST่บซไปฝ้ชŒ่ฏๅคšไธชๅฎ‰ๅ…จๆผๆดž(CVE-2012-3439)
2012-11-07 00:00:00
ubuntucve
ubuntucve
CVE-2012-5887
2012-11-17 00:00:00
CVE-2012-5886
2012-11-17 00:00:00
CVE-2012-5885
2012-11-17 00:00:00
oraclelinux
oraclelinux
tomcat6 security update
2013-05-28 00:00:00
tomcat5 security update
2013-03-12 00:00:00
tomcat6 security update
2013-03-11 00:00:00
atlassian
atlassian
Upgrade bundled Tomcat to the latest minor release
2013-06-19 09:30:24
Upgrade bundled Tomcat to the latest minor release
2013-06-19 09:30:24
Upgrade bundled Tomcat to the latest minor release
2013-06-19 09:30:24
tomcat
tomcat
Fixed in Apache Tomcat 7.0.30
2012-09-06 00:00:00
Fixed in Apache Tomcat 6.0.36
2012-10-19 00:00:00
cve
cve
CVE-2012-3439
2012-11-17 19:55:00
fedora
fedora
[SECURITY] Fedora 16 Update: tomcat-7.0.33-1.fc16
2012-12-19 08:29:53
openvas
openvas
Fedora Update for tomcat FEDORA-2012-20151
2012-12-26 00:00:00
Ubuntu Update for tomcat6 USN-1637-1
2012-11-23 00:00:00
Ubuntu Update for tomcat6 USN-1637-1
2012-11-23 00:00:00
securityvulns
securityvulns
[USN-1637-1] Tomcat vulnerabilities
2012-11-26 00:00:00
osv
osv
tomcat6 - regression update
2014-11-23 00:00:00
tomcat6 - security update
2014-11-23 00:00:00
debian
debian
[SECURITY] [DLA 91-1] tomcat6 security update
2014-11-23 09:02:25
JSON
Related for TOMCAT:86F4A891B6EAC74A73C41E9C1370EA3F
freebsd1seebug1ubuntucve3oraclelinux3atlassian6tomcat2cve1fedora1openvas5securityvulns1osv2debian1