Lucene search
Ubuntu.comUB:CVE-2012-5885HistoryNov 17, 2012 - 12:00 a.m.
CVE-2012-5885
2012-11-1700:00:00
ubuntu.com
ubuntu.com
12
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
53.5%
The replay-countermeasure functionality in the HTTP Digest Access
Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x
before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce)
values instead of nonce (aka server nonce) and nc (aka nonce-count) values,
which makes it easier for remote attackers to bypass intended access
restrictions by sniffing the network for valid requests, a different
vulnerability than CVE-2011-1184.
Notes
| Author | Note |
|---|---|
| mdeslaur | This was originally called CVE-2012-3439 |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 10.04 | noarch | tomcat6 | <ย 6.0.24-2ubuntu1.11 | UNKNOWN |
| ubuntu | 11.10 | noarch | tomcat6 | <ย 6.0.32-5ubuntu1.3 | UNKNOWN |
| ubuntu | 12.04 | noarch | tomcat6 | <ย 6.0.35-1ubuntu3.1 | UNKNOWN |
| ubuntu | 12.10 | noarch | tomcat6 | <ย 6.0.35-5ubuntu0.1 | UNKNOWN |
| ubuntu | 11.10 | noarch | tomcat7 | <ย 7.0.21-1ubuntu0.1 | UNKNOWN |
| ubuntu | 12.04 | noarch | tomcat7 | <ย 7.0.26-1ubuntu1.2 | UNKNOWN |
References
Related
prion
prion
Authentication flaw
2012-11-17 19:55:00
Authentication flaw
2012-01-14 21:55:00
Hardcoded credentials
2012-01-14 21:55:00
github
github
Improper Access Control in Apache Tomcat
2022-05-17 00:57:35
Authentication Bypass in Apache Tomcat
2022-05-14 01:17:02
Improper Authentication in Apache Tomcat
2022-05-14 01:17:03
veracode
veracode
Authentication Bypass In The Replay-countermeasure Functionality
2019-01-15 09:00:03
Authentication Bypass By Sniffing Valid Network Requests
2019-01-15 08:51:25
cve
cve
debiancve
debiancve
osv
osv
Improper Access Control in Apache Tomcat
2022-05-17 00:57:35
Authentication Bypass in Apache Tomcat
2022-05-14 01:17:02
Improper Authentication in Apache Tomcat
2022-05-14 01:17:03
ubuntucve
ubuntucve
f5
f5
freebsd
freebsd
tomcat -- authentication weaknesses
2012-11-05 00:00:00
oraclelinux
oraclelinux
tomcat5 security update
2013-03-12 00:00:00
tomcat6 security update
2013-03-11 00:00:00
tomcat6 security update
2013-05-28 00:00:00
securityvulns
securityvulns
[USN-1637-1] Tomcat vulnerabilities
2012-11-26 00:00:00
[SECURITY] CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication
2011-09-26 00:00:00
Apache Tomcat digest authentication vulnerabilities
2011-09-26 00:00:00
seebug
seebug
Apache Tomcat DIGEST่บซไปฝ้ช่ฏๅคไธชๅฎๅ
จๆผๆด(CVE-2012-3439)
2012-11-07 00:00:00
openvas
openvas
Ubuntu Update for tomcat6 USN-1637-1
2012-11-23 00:00:00
Ubuntu Update for tomcat6 USN-1637-1
2012-11-23 00:00:00
Apache Tomcat Multiple Security Bypass Vulnerabilities (Windows)
2012-11-27 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 5.5.36
2012-10-10 00:00:00
Fixed in Apache Tomcat 7.0.30
2012-09-06 00:00:00
Fixed in Apache Tomcat 6.0.36
2012-10-19 00:00:00
nessus
nessus
Fedora 15 : tomcat6-6.0.32-10.fc15 (2011-15005)
2011-11-14 00:00:00
Fedora 16 : tomcat6-6.0.35-1.fc16 (2012-7593)
2012-08-10 00:00:00
redhat
redhat
(RHSA-2013:0632) Moderate: jbossweb security update
2013-03-11 00:00:00
(RHSA-2013:0629) Moderate: jbossweb security update
2013-03-11 00:00:00
(RHSA-2013:0631) Moderate: jbossweb security update
2013-03-11 00:00:00
atlassian
atlassian
Upgrade bundled Tomcat to the latest minor release
2013-06-19 09:30:24
Upgrade bundled Tomcat to the latest minor release
2013-06-19 09:30:24
Upgrade bundled Tomcat to the latest minor release
2013-06-19 09:30:24
ibm
ibm
amazon
amazon
Important: tomcat6
2011-12-02 22:21:00
fedora
fedora
[SECURITY] Fedora 16 Update: tomcat6-6.0.35-1.fc16
2012-08-09 23:11:34
[SECURITY] Fedora 15 Update: tomcat6-6.0.32-10.fc15
2011-11-10 17:33:27
[SECURITY] Fedora 16 Update: tomcat-7.0.33-1.fc16
2012-12-19 08:29:53
ubuntu
ubuntu
Tomcat vulnerabilities
2012-11-21 00:00:00
Tomcat vulnerabilities
2011-11-08 00:00:00
centos
centos
tomcat5 security update
2013-03-12 19:14:34
tomcat6 security update
2013-03-12 05:31:44
tomcat5 security update
2011-12-20 19:18:57
suse
suse
tomcat6: Fix multiple weaknesses in HTTP DIGESTS (important)
2012-02-09 19:09:55
Security update for tomcat6 (important)
2012-02-07 04:08:27
debian
debian
[SECURITY] [DLA 91-1] tomcat6 security update
2014-11-23 09:02:25
[SECURITY] [DSA 2725-1] tomcat6 security update
2013-07-18 17:58:50
[SECURITY] [DSA 2401-1] tomcat6 security update
2012-02-02 19:29:50
vmware
vmware
VMware security updates for vCenter Server
2013-04-25 00:00:00
VMware security updates for vCenter Server
2013-04-25 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
53.5%
Related for UB:CVE-2012-5885