CVE-2012-5886 – org.apache.tomcat:tomcat-catalina
Package
Manager: maven
Name: org.apache.tomcat:tomcat-catalina
Vulnerable Version: >=5.5.0 <5.5.36 || >=6.0.0 <6.0.36 || >=7.0.0 <7.0.30
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.01018 (percentile 0.76342)
Details
Improper Authentication in Apache Tomcat
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
Metadata
Created: 2022-05-17T01:38:30Z
Modified: 2022-07-12T22:16:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9xrj-439h-62hg/GHSA-9xrj-439h-62hg.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-9xrj-439h-62hg
Finding: F039
Auto approve: 1