Launchpad CVE tracker

CVE 2012-5886

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

Related bugs and status

CVE-2012-5886 (Candidate) is related to these bugs:

Bug #1115053: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10

		In	Importance	Status
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu)	Undecided	Fix Released
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu Oneiric)	Undecided	Fix Released
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu Precise)	Undecided	Fix Released
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu Raring)	Undecided	Fix Released
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu Quantal)	Undecided	Fix Released

Bug #1166649: Multiple open vulnerabilities in tomcat6 in quantal

		In	Importance	Status
1166649	Multiple open vulnerabilities in tomcat6 in quantal	tomcat6 (Ubuntu)	Undecided	Fix Released
1166649	Multiple open vulnerabilities in tomcat6 in quantal	tomcat6 (Ubuntu Quantal)	Undecided	Fix Released
1166649	Multiple open vulnerabilities in tomcat6 in quantal	tomcat6 (Ubuntu Saucy)	Undecided	Fix Released

Bug #1262204: tomact7 installation is confusing the user with home-directy. Tomcat is saying "directory will not be created"

Summary				In	Importance	Status
	1262204	tomact7 installation is confusing the user with home-directy. Tomcat is saying "directory will not be created"		tomcat7 (Ubuntu)	Low	New

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-5886

References