CVE

Id
59130  
CVE No.
CVE-2012-5887  
Status
Candidate  
Description
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.  
Phase
Assigned (20121117)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
603670 59130 CVE-2012-5887 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1377807  View
603671 59130 CVE-2012-5887 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1380829  View
603672 59130 CVE-2012-5887 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1392248  View
603673 59130 CVE-2012-5887 CONFIRM:http://tomcat.apache.org/security-5.html  View
603674 59130 CVE-2012-5887 CONFIRM:http://tomcat.apache.org/security-6.html  View
603675 59130 CVE-2012-5887 CONFIRM:http://tomcat.apache.org/security-7.html  View
603676 59130 CVE-2012-5887 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21626891  View
603677 59130 CVE-2012-5887 REDHAT:RHSA-2013:0623  View
603678 59130 CVE-2012-5887 URL:http://rhn.redhat.com/errata/RHSA-2013-0623.html  View
603679 59130 CVE-2012-5887 REDHAT:RHSA-2013:0629  View
603680 59130 CVE-2012-5887 URL:http://rhn.redhat.com/errata/RHSA-2013-0629.html  View
603681 59130 CVE-2012-5887 REDHAT:RHSA-2013:0631  View
603682 59130 CVE-2012-5887 URL:http://rhn.redhat.com/errata/RHSA-2013-0631.html  View
603683 59130 CVE-2012-5887 REDHAT:RHSA-2013:0632  View
603684 59130 CVE-2012-5887 URL:http://rhn.redhat.com/errata/RHSA-2013-0632.html  View
603685 59130 CVE-2012-5887 REDHAT:RHSA-2013:0633  View
603686 59130 CVE-2012-5887 URL:http://rhn.redhat.com/errata/RHSA-2013-0633.html  View
603687 59130 CVE-2012-5887 REDHAT:RHSA-2013:0640  View
603688 59130 CVE-2012-5887 URL:http://rhn.redhat.com/errata/RHSA-2013-0640.html  View
603689 59130 CVE-2012-5887 REDHAT:RHSA-2013:0647  View
603690 59130 CVE-2012-5887 URL:http://rhn.redhat.com/errata/RHSA-2013-0647.html  View
603691 59130 CVE-2012-5887 REDHAT:RHSA-2013:0648  View
603692 59130 CVE-2012-5887 URL:http://rhn.redhat.com/errata/RHSA-2013-0648.html  View
603693 59130 CVE-2012-5887 REDHAT:RHSA-2013:0726  View
603694 59130 CVE-2012-5887 URL:http://rhn.redhat.com/errata/RHSA-2013-0726.html  View
603695 59130 CVE-2012-5887 SUSE:openSUSE-SU-2012:1700  View
603696 59130 CVE-2012-5887 URL:http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html  View
603697 59130 CVE-2012-5887 SUSE:openSUSE-SU-2012:1701  View
603698 59130 CVE-2012-5887 URL:http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html  View
603699 59130 CVE-2012-5887 SUSE:openSUSE-SU-2013:0147  View
603700 59130 CVE-2012-5887 URL:http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html  View
603701 59130 CVE-2012-5887 UBUNTU:USN-1637-1  View
603702 59130 CVE-2012-5887 URL:http://www.ubuntu.com/usn/USN-1637-1  View
603703 59130 CVE-2012-5887 BID:56403  View
603704 59130 CVE-2012-5887 URL:http://www.securityfocus.com/bid/56403  View
603705 59130 CVE-2012-5887 SECUNIA:51371  View
603706 59130 CVE-2012-5887 URL:http://secunia.com/advisories/51371  View
603707 59130 CVE-2012-5887 XF:tomcat-digest-security-bypass(79809)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
29680 JVNDB-2012-005387 Havalite CMS における構成データベースをダウンロードされる脆弱性 Havalite CMS は、Web ルート配下へ重要な情報を不十分なアクセス制御で保存するため、構成データベースをダウンロードされる脆弱性が存在します。 CVE-2012-5892 59130 5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005387.html  View