Launchpad CVE tracker

CVE 2012-5887

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

Related bugs and status

CVE-2012-5887 (Candidate) is related to these bugs:

Bug #1115053: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10

		In	Importance	Status
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu)	Undecided	Fix Released
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu Oneiric)	Undecided	Fix Released
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu Precise)	Undecided	Fix Released
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu Raring)	Undecided	Fix Released
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu Quantal)	Undecided	Fix Released

Bug #1166649: Multiple open vulnerabilities in tomcat6 in quantal

		In	Importance	Status
1166649	Multiple open vulnerabilities in tomcat6 in quantal	tomcat6 (Ubuntu)	Undecided	Fix Released
1166649	Multiple open vulnerabilities in tomcat6 in quantal	tomcat6 (Ubuntu Quantal)	Undecided	Fix Released
1166649	Multiple open vulnerabilities in tomcat6 in quantal	tomcat6 (Ubuntu Saucy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-5887

References