Description

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

Remediation

References

CVE-2012-5887

Related Vulnerabilities

WordPress Plugin Import Export WordPress Users Security Bypass (1.3.8)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9475)

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-5320)

WordPress Plugin AzonPost Cross-Site Scripting (1.3)

WordPress Plugin AdRotate-Ad manager & AdSense Ads SQL Injection (5.8.3.1)

Severity

Medium

Classification

CVE-2012-5887 CWE-287

Tags

Missing Update Known Vulnerabilities