Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5886

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-5886
Last Modified 19 Aug 2013 11:18:55
Published 17 Nov 2012 02:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5886

Summary

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

Vulnerable Systems

Application

  • Apache Tomcat 5.5.0

  • Apache Tomcat 5.5.1

  • Apache Tomcat 5.5.10

  • Apache Tomcat 5.5.11

  • Apache Tomcat 5.5.12

  • Apache Tomcat 5.5.13

  • Apache Tomcat 5.5.14

  • Apache Tomcat 5.5.15

  • Apache Tomcat 5.5.16

  • Apache Tomcat 5.5.17

  • Apache Tomcat 5.5.18

  • Apache Tomcat 5.5.19

  • Apache Tomcat 5.5.2

  • Apache Tomcat 5.5.20

  • Apache Tomcat 5.5.21

  • Apache Tomcat 5.5.22

  • Apache Tomcat 5.5.23

  • Apache Tomcat 5.5.24

  • Apache Tomcat 5.5.25

  • Apache Tomcat 5.5.26

  • Apache Tomcat 5.5.27

  • Apache Tomcat 5.5.28

  • Apache Tomcat 5.5.29

  • Apache Tomcat 5.5.3

  • Apache Tomcat 5.5.30

  • Apache Tomcat 5.5.31

  • Apache Tomcat 5.5.32

  • Apache Tomcat 5.5.33

  • Apache Tomcat 5.5.34

  • Apache Tomcat 5.5.35

  • Apache Tomcat 5.5.4

  • Apache Tomcat 5.5.5

  • Apache Tomcat 5.5.6

  • Apache Tomcat 5.5.7

  • Apache Tomcat 5.5.8

  • Apache Tomcat 5.5.9

  • Apache Tomcat 6.0

  • Apache Tomcat 6.0.0

  • Apache Tomcat 6.0.1

  • Apache Tomcat 6.0.10

  • Apache Tomcat 6.0.11

  • Apache Tomcat 6.0.12

  • Apache Tomcat 6.0.13

  • Apache Tomcat 6.0.14

  • Apache Tomcat 6.0.15

  • Apache Tomcat 6.0.16

  • Apache Tomcat 6.0.17

  • Apache Tomcat 6.0.18

  • Apache Tomcat 6.0.19

  • Apache Tomcat 6.0.2

  • Apache Tomcat 6.0.20

  • Apache Tomcat 6.0.24

  • Apache Tomcat 6.0.26

  • Apache Tomcat 6.0.27

  • Apache Tomcat 6.0.28

  • Apache Tomcat 6.0.29

  • Apache Tomcat 6.0.3

  • Apache Tomcat 6.0.30

  • Apache Tomcat 6.0.31

  • Apache Tomcat 6.0.32

  • Apache Tomcat 6.0.33

  • Apache Tomcat 6.0.35

  • Apache Tomcat 6.0.4

  • Apache Tomcat 6.0.5

  • Apache Tomcat 6.0.6

  • Apache Tomcat 6.0.7

  • Apache Tomcat 6.0.8

  • Apache Tomcat 6.0.9

  • Apache Tomcat 7.0.0

  • Apache Tomcat 7.0.1

  • Apache Tomcat 7.0.10

  • Apache Tomcat 7.0.11

  • Apache Tomcat 7.0.12

  • Apache Tomcat 7.0.13

  • Apache Tomcat 7.0.14

  • Apache Tomcat 7.0.15

  • Apache Tomcat 7.0.16

  • Apache Tomcat 7.0.17

  • Apache Tomcat 7.0.18

  • Apache Tomcat 7.0.19

  • Apache Tomcat 7.0.2

  • Apache Tomcat 7.0.20

  • Apache Tomcat 7.0.21

  • Apache Tomcat 7.0.22

  • Apache Tomcat 7.0.23

  • Apache Tomcat 7.0.25

  • Apache Tomcat 7.0.28

  • Apache Tomcat 7.0.3

  • Apache Tomcat 7.0.4

  • Apache Tomcat 7.0.5

  • Apache Tomcat 7.0.6

  • Apache Tomcat 7.0.7

  • Apache Tomcat 7.0.8

  • Apache Tomcat 7.0.9


References

CONFIRM - http://tomcat.apache.org/security-7.html

CONFIRM - http://tomcat.apache.org/security-6.html

CONFIRM - http://tomcat.apache.org/security-5.html

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1392248

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1380829

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1377807

UBUNTU - USN-1637-1

BID - 56403

SUSE - openSUSE-SU-2012:1700

SUSE - openSUSE-SU-2012:1701

SUSE - openSUSE-SU-2013:0147

REDHAT - RHSA-2013:0640

REDHAT - RHSA-2013:0633

REDHAT - RHSA-2013:0632

REDHAT - RHSA-2013:0631

REDHAT - RHSA-2013:0629

REDHAT - RHSA-2013:0623

REDHAT - RHSA-2013:0726

REDHAT - RHSA-2013:0648

REDHAT - RHSA-2013:0647

SECUNIA - 51371

XF - tomcat-http-Digest-security-bypass(80407)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21626891

Related Patches

SUN122911-31 Solaris 10 SPARC: Apache 1.3 Patch (Rev 2)

SUN122912-31 Solaris 10 x86: Apache 1.3 Patch (Rev 2)

Red Hat 2013:0640-01 RHSA Important: tomcat5 security update for RHEL 5 x86


Last Updated: 27 May 2016 10:58:28