{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-11-05T00:00:00", "descriptions": [{"lang": "en", "value": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626891"}, {"name": "51371", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51371"}, {"name": "openSUSE-SU-2012:1700", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1392248"}, {"name": "RHSA-2013:0631", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0631.html"}, {"name": "RHSA-2013:0640", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0640.html"}, {"name": "USN-1637-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1637-1"}, {"name": "56403", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/56403"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tomcat.apache.org/security-7.html"}, {"name": "RHSA-2013:0648", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0648.html"}, {"name": "RHSA-2013:0633", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0633.html"}, {"name": "RHSA-2013:0629", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0629.html"}, {"name": "tomcat-digest-security-bypass(79809)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79809"}, {"name": "RHSA-2013:0647", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0647.html"}, {"name": "RHSA-2013:0632", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0632.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tomcat.apache.org/security-6.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1380829"}, {"name": "openSUSE-SU-2013:0147", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"}, {"name": "RHSA-2013:0623", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0623.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tomcat.apache.org/security-5.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1377807"}, {"name": "openSUSE-SU-2012:1701", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"}, {"name": "RHSA-2013:0726", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5887", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21626891", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626891"}, {"name": "51371", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51371"}, {"name": "openSUSE-SU-2012:1700", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"}, {"name": "http://svn.apache.org/viewvc?view=revision&revision=1392248", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision&revision=1392248"}, {"name": "RHSA-2013:0631", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0631.html"}, {"name": "RHSA-2013:0640", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0640.html"}, {"name": "USN-1637-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1637-1"}, {"name": "56403", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56403"}, {"name": "http://tomcat.apache.org/security-7.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-7.html"}, {"name": "RHSA-2013:0648", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0648.html"}, {"name": "RHSA-2013:0633", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0633.html"}, {"name": "RHSA-2013:0629", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0629.html"}, {"name": "tomcat-digest-security-bypass(79809)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79809"}, {"name": "RHSA-2013:0647", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0647.html"}, {"name": "RHSA-2013:0632", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0632.html"}, {"name": "http://tomcat.apache.org/security-6.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-6.html"}, {"name": "http://svn.apache.org/viewvc?view=revision&revision=1380829", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision&revision=1380829"}, {"name": "openSUSE-SU-2013:0147", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"}, {"name": "RHSA-2013:0623", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0623.html"}, {"name": "http://tomcat.apache.org/security-5.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-5.html"}, {"name": "http://svn.apache.org/viewvc?view=revision&revision=1377807", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision&revision=1377807"}, {"name": "openSUSE-SU-2012:1701", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"}, {"name": "RHSA-2013:0726", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:21:27.681Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626891"}, {"name": "51371", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51371"}, {"name": "openSUSE-SU-2012:1700", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1392248"}, {"name": "RHSA-2013:0631", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0631.html"}, {"name": "RHSA-2013:0640", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0640.html"}, {"name": "USN-1637-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1637-1"}, {"name": "56403", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/56403"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tomcat.apache.org/security-7.html"}, {"name": "RHSA-2013:0648", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0648.html"}, {"name": "RHSA-2013:0633", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0633.html"}, {"name": "RHSA-2013:0629", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0629.html"}, {"name": "tomcat-digest-security-bypass(79809)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79809"}, {"name": "RHSA-2013:0647", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0647.html"}, {"name": "RHSA-2013:0632", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0632.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tomcat.apache.org/security-6.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1380829"}, {"name": "openSUSE-SU-2013:0147", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"}, {"name": "RHSA-2013:0623", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0623.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tomcat.apache.org/security-5.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1377807"}, {"name": "openSUSE-SU-2012:1701", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"}, {"name": "RHSA-2013:0726", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5887", "datePublished": "2012-11-17T19:00:00", "dateReserved": "2012-11-17T00:00:00", "dateUpdated": "2024-08-06T21:21:27.681Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CD0B437-C18A-43D1-872E-D3D49E72F2E6", "versionEndExcluding": "5.5.36", "versionStartIncluding": "5.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF667BFD-F07B-46FF-AD15-88A20F3D75ED", "versionEndExcluding": "6.0.36", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "9745BF5D-E59D-4C6D-AD02-AD128256E02F", "versionEndExcluding": "7.0.30", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests."}, {"lang": "es", "value": "La implementaci\u00f3n de HTTP Digest Access Authentication en Apache Tomcat v5.5.x antes de v5.5.36, v6.x antes de v6.0.36, v7.x antes de v7.0.30 no comprueba correctamente los valores nonce ni la aplicaci\u00f3n de credenciales adecuadas, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos a la hora de evitar las restricciones de acceso previstas para el espionaje de tr\u00e1fico de red de solicitudes v\u00e1lidas.\r\n"}], "id": "CVE-2012-5887", "lastModified": "2025-10-30T15:49:33.063", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-11-17T19:55:02.813", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0623.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0629.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0631.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0632.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0633.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0640.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0647.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0648.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/51371"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1377807"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1380829"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1392248"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://tomcat.apache.org/security-5.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://tomcat.apache.org/security-6.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://tomcat.apache.org/security-7.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626891"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/56403"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1637-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79809"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0623.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0629.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0631.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0632.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0633.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0640.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0647.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0648.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/51371"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1377807"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1380829"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1392248"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tomcat.apache.org/security-5.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tomcat.apache.org/security-6.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tomcat.apache.org/security-7.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626891"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/56403"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1637-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79809"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:0631", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5", "package": "jbossweb-0:2.1.13-3_patch_02.ep5.el5", "product_name": "JBEWP 5 for RHEL 5", "release_date": "2013-03-11T00:00:00Z"}, {"advisory": "RHSA-2013:0631", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el6", "package": "jbossweb-0:2.1.13-4_patch_02.ep5.el6", "product_name": "JBEWP 5 for RHEL 6", "release_date": "2013-03-11T00:00:00Z"}, {"advisory": "RHSA-2013:0665", "cpe": "cpe:/a:redhat:jboss_data_grid:6.1.0", "product_name": "JBoss Data Grid 6.1", "release_date": "2013-03-20T00:00:00Z"}, {"advisory": "RHSA-2013:1006", "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5.3", "product_name": "JBoss Enterprise BRMS Platform 5.3", "release_date": "2013-07-01T00:00:00Z"}, {"advisory": "RHSA-2013:0640", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "tomcat5-0:5.5.23-0jpp.38.el5_9", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-03-12T00:00:00Z"}, {"advisory": "RHSA-2013:0623", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "tomcat6-0:6.0.24-52.el6_4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-03-11T00:00:00Z"}, {"advisory": "RHSA-2013:0632", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0", "product_name": "Red Hat JBoss Enterprise Application Platform 5.2", "release_date": "2013-03-11T00:00:00Z"}, {"advisory": "RHSA-2013:0629", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", "package": "jbossweb-0:2.1.13-3_patch_02.ep5.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4", "release_date": "2013-03-11T00:00:00Z"}, {"advisory": "RHSA-2013:0629", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", "package": "jbossweb-0:2.1.13-3_patch_02.ep5.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5", "release_date": "2013-03-11T00:00:00Z"}, {"advisory": "RHSA-2013:0629", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el6", "package": "jbossweb-0:2.1.13-4_patch_02.ep5.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6", "release_date": "2013-03-11T00:00:00Z"}, {"advisory": "RHSA-2013:0648", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.0.1", "product_name": "Red Hat JBoss Enterprise Application Platform 6.0", "release_date": "2013-03-14T00:00:00Z"}, {"advisory": "RHSA-2013:0647", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossweb-0:7.0.17-4.Final_redhat_3.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date": "2013-03-14T00:00:00Z"}, {"advisory": "RHSA-2013:0647", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossweb-0:7.0.17-4.Final_redhat_3.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date": "2013-03-14T00:00:00Z"}, {"advisory": "RHSA-2013:0266", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el5", "package": "tomcat6-0:6.0.35-6_patch_06.ep6.el5", "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 5", "release_date": "2013-02-19T00:00:00Z"}, {"advisory": "RHSA-2013:0266", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6", "package": "tomcat6-0:6.0.35-29_patch_06.ep6.el6", "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6", "release_date": "2013-02-19T00:00:00Z"}, {"advisory": "RHSA-2013:0726", "cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5.3", "product_name": "Red Hat JBoss SOA Platform 5.3", "release_date": "2013-04-09T00:00:00Z"}, {"advisory": "RHSA-2013:0633", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0", "product_name": "Red Hat JBoss Web Platform 5.2", "release_date": "2013-03-11T00:00:00Z"}, {"advisory": "RHSA-2013:0265", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.0", "product_name": "Red Hat JBoss Web Server 2.0", "release_date": "2013-02-19T00:00:00Z"}], "bugzilla": {"description": "tomcat: three DIGEST authentication implementation issues", "id": "873664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=873664"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "status": "verified"}, "details": ["The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests."], "name": "CVE-2012-5887", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5", "fix_state": "Affected", "package_name": "jbossweb", "product_name": "Red Hat JBoss BRMS 5"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:6", "fix_state": "Affected", "package_name": "jbossweb", "product_name": "Red Hat JBoss Data Grid 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Not affected", "package_name": "tomcat7", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3.1", "fix_state": "Not affected", "package_name": "jbossweb", "product_name": "Red Hat JBoss Operations Network 3.1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:5", "fix_state": "Will not fix", "package_name": "jbossweb", "product_name": "Red Hat JBoss Portal 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5", "fix_state": "Affected", "package_name": "jbossweb", "product_name": "Red Hat JBoss SOA Platform 5"}], "public_date": "2012-11-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-5887\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-5887"], "threat_severity": "Moderate"}