Moderate: DIGEST authentication weakness CVE-2012-3439
Three weaknesses in Tomcatโs implementation of DIGEST authentication were identified and resolved:
These issues reduced the security of DIGEST authentication making replay attacks possible in some circumstances.
This was fixed in revision 1392248.
The first issue was reported by Tilmann Kuhn to the Tomcat security team on 19 July 2012. The second and third issues were discovered by the Tomcat security team during the resulting code review. All three issues were made public on 5 November 2012.
Affects: 5.5.0-5.5.35
CPE | Name | Operator | Version |
---|---|---|---|
apache tomcat | ge | 5.5.0 | |
apache tomcat | le | 5.5.35 |