PT-2012-6167 · Apache+3 · Apache Tomcat+3

Publicado

2012-11-17

·

Atualizado

2022-05-17

·

CVE-2012-5886

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 5.5.x through 5.5.35 Apache Tomcat versions 6.x through 6.0.35 Apache Tomcat versions 7.x through 7.0.29
Description The issue concerns the HTTP Digest Access Authentication implementation, which caches information about the authenticated user within the session state. This makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
Recommendations For Apache Tomcat versions 5.5.x through 5.5.35, update to version 5.5.36 or later. For Apache Tomcat versions 6.x through 6.0.35, update to version 6.0.36 or later. For Apache Tomcat versions 7.x through 7.0.29, update to version 7.0.30 or later.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CESA-2013_0623
CVE-2012-5886
GHSA-9XRJ-439H-62HG
RHSA-2013:0266
RHSA-2013:0623
RHSA-2013:0629
RHSA-2013:0631
RHSA-2013:0640
RHSA-2013:0647
RHSA-2013_0623
RHSA-2013_0640

Produtos afetados

Apache Tomcat
Centos
Red Hat
Suse