JVN/CVE Demo: Cveinfos

CVE

Id: 59128
CVE No.: CVE-2012-5885
Status: Candidate
Description: The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
Phase: Assigned (20121117)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
603584	59128	CVE-2012-5885	CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1377807	View
603585	59128	CVE-2012-5885	CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1380829	View
603586	59128	CVE-2012-5885	CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1392248	View
603587	59128	CVE-2012-5885	CONFIRM:http://tomcat.apache.org/security-5.html	View
603588	59128	CVE-2012-5885	CONFIRM:http://tomcat.apache.org/security-6.html	View
603589	59128	CVE-2012-5885	CONFIRM:http://tomcat.apache.org/security-7.html	View
603590	59128	CVE-2012-5885	CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21626891	View
603591	59128	CVE-2012-5885	HP:HPSBUX02860	View
603592	59128	CVE-2012-5885	URL:http://marc.info/?l=bugtraq&m=136485229118404&w=2	View
603593	59128	CVE-2012-5885	HP:SSRT101146	View
603594	59128	CVE-2012-5885	URL:http://marc.info/?l=bugtraq&m=136485229118404&w=2	View
603595	59128	CVE-2012-5885	HP:HPSBUX02866	View
603596	59128	CVE-2012-5885	URL:http://marc.info/?l=bugtraq&m=136612293908376&w=2	View
603597	59128	CVE-2012-5885	HP:SSRT101139	View
603598	59128	CVE-2012-5885	URL:http://marc.info/?l=bugtraq&m=136612293908376&w=2	View
603599	59128	CVE-2012-5885	REDHAT:RHSA-2013:0623	View
603600	59128	CVE-2012-5885	URL:http://rhn.redhat.com/errata/RHSA-2013-0623.html	View
603601	59128	CVE-2012-5885	REDHAT:RHSA-2013:0629	View
603602	59128	CVE-2012-5885	URL:http://rhn.redhat.com/errata/RHSA-2013-0629.html	View
603603	59128	CVE-2012-5885	REDHAT:RHSA-2013:0631	View
603604	59128	CVE-2012-5885	URL:http://rhn.redhat.com/errata/RHSA-2013-0631.html	View
603605	59128	CVE-2012-5885	REDHAT:RHSA-2013:0632	View
603606	59128	CVE-2012-5885	URL:http://rhn.redhat.com/errata/RHSA-2013-0632.html	View
603607	59128	CVE-2012-5885	REDHAT:RHSA-2013:0633	View
603608	59128	CVE-2012-5885	URL:http://rhn.redhat.com/errata/RHSA-2013-0633.html	View
603609	59128	CVE-2012-5885	REDHAT:RHSA-2013:0640	View
603610	59128	CVE-2012-5885	URL:http://rhn.redhat.com/errata/RHSA-2013-0640.html	View
603611	59128	CVE-2012-5885	REDHAT:RHSA-2013:0647	View
603612	59128	CVE-2012-5885	URL:http://rhn.redhat.com/errata/RHSA-2013-0647.html	View
603613	59128	CVE-2012-5885	REDHAT:RHSA-2013:0648	View
603614	59128	CVE-2012-5885	URL:http://rhn.redhat.com/errata/RHSA-2013-0648.html	View
603615	59128	CVE-2012-5885	REDHAT:RHSA-2013:0726	View
603616	59128	CVE-2012-5885	URL:http://rhn.redhat.com/errata/RHSA-2013-0726.html	View
603617	59128	CVE-2012-5885	SUSE:openSUSE-SU-2012:1700	View
603618	59128	CVE-2012-5885	URL:http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html	View
603619	59128	CVE-2012-5885	SUSE:openSUSE-SU-2012:1701	View
603620	59128	CVE-2012-5885	URL:http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html	View
603621	59128	CVE-2012-5885	SUSE:openSUSE-SU-2013:0147	View
603622	59128	CVE-2012-5885	URL:http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html	View
603623	59128	CVE-2012-5885	UBUNTU:USN-1637-1	View
603624	59128	CVE-2012-5885	URL:http://www.ubuntu.com/usn/USN-1637-1	View
603625	59128	CVE-2012-5885	BID:56403	View
603626	59128	CVE-2012-5885	URL:http://www.securityfocus.com/bid/56403	View
603627	59128	CVE-2012-5885	OVAL:oval:org.mitre.oval:def:19432	View
603628	59128	CVE-2012-5885	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:19432	View
603629	59128	CVE-2012-5885	SECUNIA:51371	View
603630	59128	CVE-2012-5885	URL:http://secunia.com/advisories/51371	View
603631	59128	CVE-2012-5885	XF:tomcat-replay-security-bypass(80408)	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
29678	JVNDB-2012-005385	TYPO3 用 Front End User Registration エクステンションにおけるユーザ名およびパスワードを取得される脆弱性	TYPO3 用 Front End User Registration (sr_feuser_register) エクステンションには、ユーザ名、およびパスワードを取得される脆弱性が存在します。	CVE-2012-5890	59128	5		http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005385.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.33 MB
View render complete	2.81 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.82
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	434.63
Event: Controller.beforeRender	4.48
» Processing toolbar data	4.39
Rendering View	14.60
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	13.66
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.52
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.09
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/59128
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/59128
Remote Port	51672
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.160
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.117.192
Http Via	1.1 squid-proxy-5b5d847c96-s47vp (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http Cookie	advanced-frontend=n2d13kn5geq5e6turjmt6je977
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	216.73.216.160
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.160
Unique Id	aIARISee-CXiU6bNTXmZCQAAAPY
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	216.73.216.160
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.160
Redirect Unique Id	aIARISee-CXiU6bNTXmZCQAAAPY
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	216.73.216.160
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.160
Redirect Redirect Unique Id	aIARISee-CXiU6bNTXmZCQAAAPY
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1753223457.3846
Request Time	1753223457

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files