History: Nov 17, 2012 - 12:00 a.m.

CVE-2012-5886

2012-11-17 00:00:00
ubuntu.com

CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS: 0.003 Low
Percentile: 71.0%

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x
before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information
about the authenticated user within the session state, which makes it
easier for remote attackers to bypass authentication via vectors related to
the session ID.

Notes

Author: mdeslaur
Note: This was originally called CVE-2012-3439; same fix as CVE-2012-5885

OS      OS Version  Architecture  Package  Package Version        Filename
ubuntu  10.04       noarch        tomcat6  < 6.0.24-2ubuntu1.11   UNKNOWN
ubuntu  11.10       noarch        tomcat6  < 6.0.32-5ubuntu1.3    UNKNOWN
ubuntu  12.04       noarch        tomcat6  < 6.0.35-1ubuntu3.1    UNKNOWN
ubuntu  12.10       noarch        tomcat6  < 6.0.35-5ubuntu0.1    UNKNOWN
ubuntu  11.10       noarch        tomcat7  < 7.0.21-1ubuntu0.1    UNKNOWN
ubuntu  12.04       noarch        tomcat7  < 7.0.26-1ubuntu1.2    UNKNOWN
