CVE-2012-5887 org.apache.tomcat:tomcat

Package

Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: >=5.5.0 <5.5.36 || >=6.0.0 <6.0.36 || >=7.0.0 <7.0.30

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.03081 (percentile: 0.86251)

Details

Improper Authentication in Apache Tomcat

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

Metadata

Created: 2022-05-17T01:38:30Z
Modified: 2022-07-12T21:37:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-28cq-6rmx-pjq4/GHSA-28cq-6rmx-pjq4.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-28cq-6rmx-pjq4
Finding: F039
Auto approve: 1