Skip to main content

CVE-2012-5886

Severity

4.3

Description

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

Project

Apache Tomcat

Apache TomEE

Category
n/a
Tags
functional
Date Disclosed

2012-11-17

Date Discovered

2012-11-17

Apache Tomcat 7.0.x

First release:
2011-01-14
First release:
2021-03-31
CVEs:
53
Support Lifecycle:
Namespace:
javax

Apache Tomcat 6.0.x

First release:
2007-02-28
First release:
2016-12-31
CVEs:
48
Support Lifecycle:
Namespace:
javax

Apache TomEE 1.0.x

First release:
2012-04-27
CVEs:
121
Support Lifecycle:
Namespace:
javax
Feel Vulnerable? 

Contact us so we can help you.

* These fields are required.