CVE-2012-5885

NONECVSS 0.0

0.0

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

🔗 References (52)

cve@mitrehttp://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
cve@mitrehttp://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
cve@mitrehttp://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
cve@mitrehttp://marc.info/?l=bugtraq&m=136485229118404&w=2
cve@mitrehttp://marc.info/?l=bugtraq&m=136612293908376&w=2
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2013-0623.html
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2013-0629.html
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2013-0631.html
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2013-0632.html
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2013-0633.html
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2013-0640.html
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2013-0647.html
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2013-0648.html
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2013-0726.html
cve@mitrehttp://secunia.com/advisories/51371

Is Your Infrastructure Affected by CVE-2012-5885?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-5885

📅 Published

🔄 Last Modified

🔗 References (52)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-5885?