Description

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

Remediation

References

CVE-2012-5887

Related Vulnerabilities

PHP NULL Pointer Dereference Vulnerability (CVE-2018-10548)

WordPress Plugin Another WordPress Classifieds Unspecified Vulnerability (1.8.9.4)

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.6)

Drupal Core 9.3.x Security Bypass (9.3.0 - 9.3.11)

Contao Key Management Errors Vulnerability (CVE-2019-10643)

Severity

Medium

Classification

CVE-2012-5887 CWE-287

Tags

Missing Update Known Vulnerabilities