CVE

Id
59129  
CVE No.
CVE-2012-5886  
Status
Candidate  
Description
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.  
Phase
Assigned (20121117)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
603632 59129 CVE-2012-5886 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1377807  View
603633 59129 CVE-2012-5886 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1380829  View
603634 59129 CVE-2012-5886 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1392248  View
603635 59129 CVE-2012-5886 CONFIRM:http://tomcat.apache.org/security-5.html  View
603636 59129 CVE-2012-5886 CONFIRM:http://tomcat.apache.org/security-6.html  View
603637 59129 CVE-2012-5886 CONFIRM:http://tomcat.apache.org/security-7.html  View
603638 59129 CVE-2012-5886 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21626891  View
603639 59129 CVE-2012-5886 REDHAT:RHSA-2013:0623  View
603640 59129 CVE-2012-5886 URL:http://rhn.redhat.com/errata/RHSA-2013-0623.html  View
603641 59129 CVE-2012-5886 REDHAT:RHSA-2013:0629  View
603642 59129 CVE-2012-5886 URL:http://rhn.redhat.com/errata/RHSA-2013-0629.html  View
603643 59129 CVE-2012-5886 REDHAT:RHSA-2013:0631  View
603644 59129 CVE-2012-5886 URL:http://rhn.redhat.com/errata/RHSA-2013-0631.html  View
603645 59129 CVE-2012-5886 REDHAT:RHSA-2013:0632  View
603646 59129 CVE-2012-5886 URL:http://rhn.redhat.com/errata/RHSA-2013-0632.html  View
603647 59129 CVE-2012-5886 REDHAT:RHSA-2013:0633  View
603648 59129 CVE-2012-5886 URL:http://rhn.redhat.com/errata/RHSA-2013-0633.html  View
603649 59129 CVE-2012-5886 REDHAT:RHSA-2013:0640  View
603650 59129 CVE-2012-5886 URL:http://rhn.redhat.com/errata/RHSA-2013-0640.html  View
603651 59129 CVE-2012-5886 REDHAT:RHSA-2013:0647  View
603652 59129 CVE-2012-5886 URL:http://rhn.redhat.com/errata/RHSA-2013-0647.html  View
603653 59129 CVE-2012-5886 REDHAT:RHSA-2013:0648  View
603654 59129 CVE-2012-5886 URL:http://rhn.redhat.com/errata/RHSA-2013-0648.html  View
603655 59129 CVE-2012-5886 REDHAT:RHSA-2013:0726  View
603656 59129 CVE-2012-5886 URL:http://rhn.redhat.com/errata/RHSA-2013-0726.html  View
603657 59129 CVE-2012-5886 SUSE:openSUSE-SU-2012:1700  View
603658 59129 CVE-2012-5886 URL:http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html  View
603659 59129 CVE-2012-5886 SUSE:openSUSE-SU-2012:1701  View
603660 59129 CVE-2012-5886 URL:http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html  View
603661 59129 CVE-2012-5886 SUSE:openSUSE-SU-2013:0147  View
603662 59129 CVE-2012-5886 URL:http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html  View
603663 59129 CVE-2012-5886 UBUNTU:USN-1637-1  View
603664 59129 CVE-2012-5886 URL:http://www.ubuntu.com/usn/USN-1637-1  View
603665 59129 CVE-2012-5886 BID:56403  View
603666 59129 CVE-2012-5886 URL:http://www.securityfocus.com/bid/56403  View
603667 59129 CVE-2012-5886 SECUNIA:51371  View
603668 59129 CVE-2012-5886 URL:http://secunia.com/advisories/51371  View
603669 59129 CVE-2012-5886 XF:tomcat-http-Digest-security-bypass(80407)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
29679 JVNDB-2012-005386 DAlbum の photo/pass.php におけるクロスサイトリクエストフォージェリの脆弱性 DAlbum の photo/pass.php には、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2012-5891 59129 6.8 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005386.html  View