CVE-2012-5886

Severity

4.3

Description

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

Related links:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5886

http://tools.cisco.com/security/center/viewAlert.x?alertId=27343

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3439

Project

Apache Tomcat

Category

n/a

Tags

functional

Date Disclosed

2012-11-17

Date Discovered

2012-11-17

Apache Tomcat 7.0.x

First release:

2011-01-14

First release:

2021-03-31

CVEs:

55

Support Lifecycle:

Maintenance Support

Namespace:

javax

7.0.6 7.0.8 7.0.11 7.0.12 7.0.14 7.0.16 7.0.19 7.0.20 7.0.21 7.0.22 7.0.23 7.0.25 7.0.26 7.0.27 7.0.28 7.0.29

Apache Tomcat 6.0.x

First release:

2007-02-28

First release:

2016-12-31

CVEs:

50

Support Lifecycle:

Namespace:

javax

6.0.13 6.0.14 6.0.16 6.0.18 6.0.20 6.0.24 6.0.26 6.0.28 6.0.29 6.0.30 6.0.32 6.0.33 6.0.35

Apache TomEE 1.0.x

First release:

2012-04-27

CVEs:

130

Support Lifecycle:

Namespace:

javax

Feel Vulnerable?

Contact us so we can help you.

First name ^*
Last name ^*
Email ^*
Company ^*
Product ^*
Heard about us from: ^*
Tell us more ^*

Send me a confirmation email

^* These fields are required.