CVE-2012-5885

Published: 05 Nov 2012
Source: redhat
CVSS2: 5

Description

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

Affected packages

Platform | Package | Status | Advisory | Release
Red Hat JBoss BRMS 5 | jbossweb | Affected | |
Red Hat JBoss Data Grid 6 | jbossweb | Affected | |
Red Hat JBoss Enterprise Web Server 2 | tomcat7 | Not affected | |
Red Hat JBoss Operations Network 3.1 | jbossweb | Not affected | |
Red Hat JBoss Portal 5 | jbossweb | Will not fix | |
Red Hat JBoss SOA Platform 5 | jbossweb | Affected | |
JBEWP 5 for RHEL 5 | jbossweb | Fixed | RHSA-2013:0631 | 11.03.2013
JBEWP 5 for RHEL 6 | jbossweb | Fixed | RHSA-2013:0631 | 11.03.2013
JBoss Data Grid 6.1 | | Fixed | RHSA-2013:0665 | 20.03.2013
JBoss Enterprise BRMS Platform 5.3 | | Fixed | RHSA-2013:1006 | 01.07.2013


Additional information

Status:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=873664 (tomcat: three DIGEST authentication implementation issues)

CVSS2: 5 (Medium)

Related vulnerabilities

ubuntu
more than 12 years ago

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

nvd
more than 12 years ago

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

debian
more than 12 years ago

The replay-countermeasure functionality in the HTTP Digest Access Auth ...

github
about 3 years ago

Improper Access Control in Apache Tomcat

oracle-oval
more than 12 years ago

ELSA-2013-0640: tomcat5 security update (IMPORTANT)
