PT-2012-6166 · Apache+4 · Apache Tomcat+4

Publicado

2012-11-17

Atualizado

2022-05-17

CVE-2012-5885

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 5.5.x through 5.5.35 Apache Tomcat versions 6.x through 6.0.35 Apache Tomcat versions 7.x through 7.0.29

Description The issue in the HTTP Digest Access Authentication implementation makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests. This is due to the replay-countermeasure functionality tracking cnonce (client nonce) values instead of nonce (server nonce) and nc (nonce-count) values.

Recommendations For Apache Tomcat versions 5.5.x through 5.5.35, update to version 5.5.36 or later. For Apache Tomcat versions 6.x through 6.0.35, update to version 6.0.36 or later. For Apache Tomcat versions 7.x through 7.0.29, update to version 7.0.30 or later.

Exploit

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264CWE-284

Identificadores relacionados

CESA-2013_0623

CVE-2012-5885

GHSA-99RF-92V6-CWX4

HPSBUX02860

HPSBUX02866

RHSA-2013:0266

RHSA-2013:0623

RHSA-2013:0629

RHSA-2013:0631

RHSA-2013:0640

RHSA-2013:0647

RHSA-2013_0623

RHSA-2013_0640

Produtos afetados

Apache Tomcat

Centos

Hp-Ux

Red Hat

Suse

PT-2012-6166 · Apache+4 · Apache Tomcat+4

CVE-2012-5885

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 90