The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2012-11-17T19:00:00
Updated: 2024-08-06T21:21:27.681Z
Reserved: 2012-11-17T00:00:00
Link: CVE-2012-5887
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-11-17T19:55:02.813
Modified: 2017-08-29T01:32:50.213
Link: CVE-2012-5887
Redhat