CVE - CVE-2012-5885

CVE-ID
CVE-2012-5885	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1377807 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1380829 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1392248 CONFIRM:http://tomcat.apache.org/security-5.html CONFIRM:http://tomcat.apache.org/security-6.html CONFIRM:http://tomcat.apache.org/security-7.html CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21626891 HP:HPSBUX02860 URL:http://marc.info/?l=bugtraq&m=136485229118404&w=2 HP:SSRT101146 URL:http://marc.info/?l=bugtraq&m=136485229118404&w=2 HP:HPSBUX02866 URL:http://marc.info/?l=bugtraq&m=136612293908376&w=2 HP:SSRT101139 URL:http://marc.info/?l=bugtraq&m=136612293908376&w=2 REDHAT:RHSA-2013:0623 URL:http://rhn.redhat.com/errata/RHSA-2013-0623.html REDHAT:RHSA-2013:0629 URL:http://rhn.redhat.com/errata/RHSA-2013-0629.html REDHAT:RHSA-2013:0631 URL:http://rhn.redhat.com/errata/RHSA-2013-0631.html REDHAT:RHSA-2013:0632 URL:http://rhn.redhat.com/errata/RHSA-2013-0632.html REDHAT:RHSA-2013:0633 URL:http://rhn.redhat.com/errata/RHSA-2013-0633.html REDHAT:RHSA-2013:0640 URL:http://rhn.redhat.com/errata/RHSA-2013-0640.html REDHAT:RHSA-2013:0647 URL:http://rhn.redhat.com/errata/RHSA-2013-0647.html REDHAT:RHSA-2013:0648 URL:http://rhn.redhat.com/errata/RHSA-2013-0648.html REDHAT:RHSA-2013:0726 URL:http://rhn.redhat.com/errata/RHSA-2013-0726.html SUSE:openSUSE-SU-2012:1700 URL:http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html SUSE:openSUSE-SU-2012:1701 URL:http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html SUSE:openSUSE-SU-2013:0147 URL:http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html UBUNTU:USN-1637-1 URL:http://www.ubuntu.com/usn/USN-1637-1 BID:56403 URL:http://www.securityfocus.com/bid/56403 OVAL:oval:org.mitre.oval:def:19432 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19432 SECUNIA:51371 URL:http://secunia.com/advisories/51371 XF:tomcat-replay-security-bypass(80408) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/80408
Assigning CNA
N/A
Date Entry Created
20121117	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20121117)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org