National Cyber Awareness System

Vulnerability Summary for CVE-2012-5886

Overview

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: UBUNTU

Name: USN-1637-1

Hyperlink:http://www.ubuntu.com/usn/USN-1637-1

External Source: BID

Name: 56403

Hyperlink:http://www.securityfocus.com/bid/56403

External Source: CONFIRM

Name: http://tomcat.apache.org/security-7.html

Type: Advisory

Hyperlink:http://tomcat.apache.org/security-7.html

External Source: CONFIRM

Name: http://tomcat.apache.org/security-6.html

Type: Advisory

Hyperlink:http://tomcat.apache.org/security-6.html

External Source: CONFIRM

Name: http://tomcat.apache.org/security-5.html

Type: Advisory

Hyperlink:http://tomcat.apache.org/security-5.html

External Source: CONFIRM

Name: http://svn.apache.org/viewvc?view=revision&revision=1392248

Hyperlink:http://svn.apache.org/viewvc?view=revision&revision=1392248

External Source: CONFIRM

Name: http://svn.apache.org/viewvc?view=revision&revision=1380829

Hyperlink:http://svn.apache.org/viewvc?view=revision&revision=1380829

External Source: CONFIRM

Name: http://svn.apache.org/viewvc?view=revision&revision=1377807

Hyperlink:http://svn.apache.org/viewvc?view=revision&revision=1377807

External Source: REDHAT

Name: RHSA-2013:0726

Hyperlink:http://rhn.redhat.com/errata/RHSA-2013-0726.html

External Source: REDHAT

Name: RHSA-2013:0648

Hyperlink:http://rhn.redhat.com/errata/RHSA-2013-0648.html

External Source: REDHAT

Name: RHSA-2013:0647

Hyperlink:http://rhn.redhat.com/errata/RHSA-2013-0647.html

External Source: REDHAT

Name: RHSA-2013:0640

Hyperlink:http://rhn.redhat.com/errata/RHSA-2013-0640.html

External Source: REDHAT

Name: RHSA-2013:0633

Hyperlink:http://rhn.redhat.com/errata/RHSA-2013-0633.html

External Source: REDHAT

Name: RHSA-2013:0632

Hyperlink:http://rhn.redhat.com/errata/RHSA-2013-0632.html

External Source: REDHAT

Name: RHSA-2013:0631

Hyperlink:http://rhn.redhat.com/errata/RHSA-2013-0631.html

External Source: REDHAT

Name: RHSA-2013:0629

Hyperlink:http://rhn.redhat.com/errata/RHSA-2013-0629.html

External Source: REDHAT

Name: RHSA-2013:0623

Hyperlink:http://rhn.redhat.com/errata/RHSA-2013-0623.html

External Source: SUSE

Name: openSUSE-SU-2013:0147

Hyperlink:http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html

External Source: SUSE

Name: openSUSE-SU-2012:1701

Hyperlink:http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html

External Source: SUSE

Name: openSUSE-SU-2012:1700

Hyperlink:http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html