CVE-2012-5886
First published: Sat Nov 17 2012(Updated: )
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.apache.tomcat:tomcat-catalina | >=7.0.0<7.0.30 | 7.0.30 |
| maven/org.apache.tomcat:tomcat-catalina | >=6.0.0<6.0.36 | 6.0.36 |
| maven/org.apache.tomcat:tomcat-catalina | >=5.5.0<5.5.36 | 5.5.36 |
| Apache Tomcat | =5.5.0 | |
| Apache Tomcat | =5.5.1 | |
| Apache Tomcat | =5.5.2 | |
| Apache Tomcat | =5.5.3 | |
| Apache Tomcat | =5.5.4 | |
| Apache Tomcat | =5.5.5 | |
| Apache Tomcat | =5.5.6 | |
| Apache Tomcat | =5.5.7 | |
| Apache Tomcat | =5.5.8 | |
| Apache Tomcat | =5.5.9 | |
| Apache Tomcat | =5.5.10 | |
| Apache Tomcat | =5.5.11 | |
| Apache Tomcat | =5.5.12 | |
| Apache Tomcat | =5.5.13 | |
| Apache Tomcat | =5.5.14 | |
| Apache Tomcat | =5.5.15 | |
| Apache Tomcat | =5.5.16 | |
| Apache Tomcat | =5.5.17 | |
| Apache Tomcat | =5.5.18 | |
| Apache Tomcat | =5.5.19 | |
| Apache Tomcat | =5.5.20 | |
| Apache Tomcat | =5.5.21 | |
| Apache Tomcat | =5.5.22 | |
| Apache Tomcat | =5.5.23 | |
| Apache Tomcat | =5.5.24 | |
| Apache Tomcat | =5.5.25 | |
| Apache Tomcat | =5.5.26 | |
| Apache Tomcat | =5.5.27 | |
| Apache Tomcat | =5.5.28 | |
| Apache Tomcat | =5.5.29 | |
| Apache Tomcat | =5.5.30 | |
| Apache Tomcat | =5.5.31 | |
| Apache Tomcat | =5.5.32 | |
| Apache Tomcat | =5.5.33 | |
| Apache Tomcat | =5.5.34 | |
| Apache Tomcat | =5.5.35 | |
| Apache Tomcat | =6.0 | |
| Apache Tomcat | =6.0.0 | |
| Apache Tomcat | =6.0.0-alpha | |
| Apache Tomcat | =6.0.1 | |
| Apache Tomcat | =6.0.1-alpha | |
| Apache Tomcat | =6.0.2 | |
| Apache Tomcat | =6.0.2-alpha | |
| Apache Tomcat | =6.0.2-beta | |
| Apache Tomcat | =6.0.3 | |
| Apache Tomcat | =6.0.4 | |
| Apache Tomcat | =6.0.4-alpha | |
| Apache Tomcat | =6.0.5 | |
| Apache Tomcat | =6.0.6 | |
| Apache Tomcat | =6.0.6-alpha | |
| Apache Tomcat | =6.0.7 | |
| Apache Tomcat | =6.0.7-alpha | |
| Apache Tomcat | =6.0.7-beta | |
| Apache Tomcat | =6.0.8 | |
| Apache Tomcat | =6.0.8-alpha | |
| Apache Tomcat | =6.0.9 | |
| Apache Tomcat | =6.0.9-beta | |
| Apache Tomcat | =6.0.10 | |
| Apache Tomcat | =6.0.11 | |
| Apache Tomcat | =6.0.12 | |
| Apache Tomcat | =6.0.13 | |
| Apache Tomcat | =6.0.14 | |
| Apache Tomcat | =6.0.15 | |
| Apache Tomcat | =6.0.16 | |
| Apache Tomcat | =6.0.17 | |
| Apache Tomcat | =6.0.18 | |
| Apache Tomcat | =6.0.19 | |
| Apache Tomcat | =6.0.20 | |
| Apache Tomcat | =6.0.24 | |
| Apache Tomcat | =6.0.26 | |
| Apache Tomcat | =6.0.27 | |
| Apache Tomcat | =6.0.28 | |
| Apache Tomcat | =6.0.29 | |
| Apache Tomcat | =6.0.30 | |
| Apache Tomcat | =6.0.31 | |
| Apache Tomcat | =6.0.32 | |
| Apache Tomcat | =6.0.33 | |
| Apache Tomcat | =6.0.35 | |
| Apache Tomcat | =7.0.0 | |
| Apache Tomcat | =7.0.0-beta | |
| Apache Tomcat | =7.0.1 | |
| Apache Tomcat | =7.0.2 | |
| Apache Tomcat | =7.0.2-beta | |
| Apache Tomcat | =7.0.3 | |
| Apache Tomcat | =7.0.4 | |
| Apache Tomcat | =7.0.4-beta | |
| Apache Tomcat | =7.0.5 | |
| Apache Tomcat | =7.0.6 | |
| Apache Tomcat | =7.0.7 | |
| Apache Tomcat | =7.0.8 | |
| Apache Tomcat | =7.0.9 | |
| Apache Tomcat | =7.0.10 | |
| Apache Tomcat | =7.0.11 | |
| Apache Tomcat | =7.0.12 | |
| Apache Tomcat | =7.0.13 | |
| Apache Tomcat | =7.0.14 | |
| Apache Tomcat | =7.0.15 | |
| Apache Tomcat | =7.0.16 | |
| Apache Tomcat | =7.0.17 | |
| Apache Tomcat | =7.0.18 | |
| Apache Tomcat | =7.0.19 | |
| Apache Tomcat | =7.0.20 | |
| Apache Tomcat | =7.0.21 | |
| Apache Tomcat | =7.0.22 | |
| Apache Tomcat | =7.0.23 | |
| Apache Tomcat | =7.0.25 | |
| Apache Tomcat | =7.0.28 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2012-5886
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80407
- http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
- http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
- http://rhn.redhat.com/errata/RHSA-2013-0623.html
- http://rhn.redhat.com/errata/RHSA-2013-0629.html
- http://rhn.redhat.com/errata/RHSA-2013-0631.html
- http://rhn.redhat.com/errata/RHSA-2013-0632.html
- http://rhn.redhat.com/errata/RHSA-2013-0640.html
- http://rhn.redhat.com/errata/RHSA-2013-0647.html
- http://rhn.redhat.com/errata/RHSA-2013-0648.html
- http://rhn.redhat.com/errata/RHSA-2013-0726.html
- http://svn.apache.org/viewvc?view=revision&revision=1377807
- http://svn.apache.org/viewvc?view=revision&revision=1380829
- http://svn.apache.org/viewvc?view=revision&revision=1392248
- http://tomcat.apache.org/security-5.html
- http://tomcat.apache.org/security-6.html
- http://tomcat.apache.org/security-7.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21626891
- http://www.ubuntu.com/usn/USN-1637-1
- https://github.com/advisories/GHSA-9xrj-439h-62hg (Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0633.html
- http://secunia.com/advisories/51371
- http://www.securityfocus.com/bid/56403
- collector/github-advisory-latest
- alias/GHSA-9xrj-439h-62hg
- alias/CVE-2012-5886
- collector/github-advisory
- collector/nvd-index
- collector/nvd-cve
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/tags
- agent/event
- agent/first-publish-date
- agent/trending
- package-manager/maven
- vendor/apache
- canonical/apache tomcat
- version/apache tomcat/5.5.0
- version/apache tomcat/5.5.1
- version/apache tomcat/5.5.2
- version/apache tomcat/5.5.3
- version/apache tomcat/5.5.4
- version/apache tomcat/5.5.5
- version/apache tomcat/5.5.6
- version/apache tomcat/5.5.7
- version/apache tomcat/5.5.8
- version/apache tomcat/5.5.9
- version/apache tomcat/5.5.10
- version/apache tomcat/5.5.11
- version/apache tomcat/5.5.12
- version/apache tomcat/5.5.13
- version/apache tomcat/5.5.14
- version/apache tomcat/5.5.15
- version/apache tomcat/5.5.16
- version/apache tomcat/5.5.17
- version/apache tomcat/5.5.18
- version/apache tomcat/5.5.19
- version/apache tomcat/5.5.20
- version/apache tomcat/5.5.21
- version/apache tomcat/5.5.22
- version/apache tomcat/5.5.23
- version/apache tomcat/5.5.24
- version/apache tomcat/5.5.25
- version/apache tomcat/5.5.26
- version/apache tomcat/5.5.27
- version/apache tomcat/5.5.28
- version/apache tomcat/5.5.29
- version/apache tomcat/5.5.30
- version/apache tomcat/5.5.31
- version/apache tomcat/5.5.32
- version/apache tomcat/5.5.33
- version/apache tomcat/5.5.34
- version/apache tomcat/5.5.35
- version/apache tomcat/6.0
- version/apache tomcat/6.0.0
- version/apache tomcat/6.0.0-alpha
- version/apache tomcat/6.0.1
- version/apache tomcat/6.0.1-alpha
- version/apache tomcat/6.0.2
- version/apache tomcat/6.0.2-alpha
- version/apache tomcat/6.0.2-beta
- version/apache tomcat/6.0.3
- version/apache tomcat/6.0.4
- version/apache tomcat/6.0.4-alpha
- version/apache tomcat/6.0.5
- version/apache tomcat/6.0.6
- version/apache tomcat/6.0.6-alpha
- version/apache tomcat/6.0.7
- version/apache tomcat/6.0.7-alpha
- version/apache tomcat/6.0.7-beta
- version/apache tomcat/6.0.8
- version/apache tomcat/6.0.8-alpha
- version/apache tomcat/6.0.9
- version/apache tomcat/6.0.9-beta
- version/apache tomcat/6.0.10
- version/apache tomcat/6.0.11
- version/apache tomcat/6.0.12
- version/apache tomcat/6.0.13
- version/apache tomcat/6.0.14
- version/apache tomcat/6.0.15
- version/apache tomcat/6.0.16
- version/apache tomcat/6.0.17
- version/apache tomcat/6.0.18
- version/apache tomcat/6.0.19
- version/apache tomcat/6.0.20
- version/apache tomcat/6.0.24
- version/apache tomcat/6.0.26
- version/apache tomcat/6.0.27
- version/apache tomcat/6.0.28
- version/apache tomcat/6.0.29
- version/apache tomcat/6.0.30
- version/apache tomcat/6.0.31
- version/apache tomcat/6.0.32
- version/apache tomcat/6.0.33
- version/apache tomcat/6.0.35
- version/apache tomcat/7.0.0
- version/apache tomcat/7.0.0-beta
- version/apache tomcat/7.0.1
- version/apache tomcat/7.0.2
- version/apache tomcat/7.0.2-beta
- version/apache tomcat/7.0.3
- version/apache tomcat/7.0.4
- version/apache tomcat/7.0.4-beta
- version/apache tomcat/7.0.5
- version/apache tomcat/7.0.6
- version/apache tomcat/7.0.7
- version/apache tomcat/7.0.8
- version/apache tomcat/7.0.9
- version/apache tomcat/7.0.10
- version/apache tomcat/7.0.11
- version/apache tomcat/7.0.12
- version/apache tomcat/7.0.13
- version/apache tomcat/7.0.14
- version/apache tomcat/7.0.15
- version/apache tomcat/7.0.16
- version/apache tomcat/7.0.17
- version/apache tomcat/7.0.18
- version/apache tomcat/7.0.19
- version/apache tomcat/7.0.20
- version/apache tomcat/7.0.21
- version/apache tomcat/7.0.22
- version/apache tomcat/7.0.23
- version/apache tomcat/7.0.25
- version/apache tomcat/7.0.28