Vulnerability Database
296,138
Total vulnerabilities in the database
CVE-2012-5886
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| Software | From | Fixed in |
|---|---|---|
| apache / tomcat | 5.5.27 | 5.5.27.x |
| apache / tomcat | 5.5.18 | 5.5.18.x |
| apache / tomcat | 5.5.12 | 5.5.12.x |
| apache / tomcat | 5.5.14 | 5.5.14.x |
| apache / tomcat | 5.5.10 | 5.5.10.x |
| apache / tomcat | 5.5.4 | 5.5.4.x |
| apache / tomcat | 5.5.7 | 5.5.7.x |
| apache / tomcat | 5.5.1 | 5.5.1.x |
| apache / tomcat | 5.5.11 | 5.5.11.x |
| apache / tomcat | 5.5.28 | 5.5.28.x |
| apache / tomcat | 5.5.6 | 5.5.6.x |
| apache / tomcat | 5.5.26 | 5.5.26.x |
| apache / tomcat | 5.5.35 | 5.5.35.x |
| apache / tomcat | 5.5.20 | 5.5.20.x |
| apache / tomcat | 5.5.15 | 5.5.15.x |
| apache / tomcat | 5.5.5 | 5.5.5.x |
| apache / tomcat | 5.5.30 | 5.5.30.x |
| apache / tomcat | 5.5.21 | 5.5.21.x |
| apache / tomcat | 5.5.22 | 5.5.22.x |
| apache / tomcat | 5.5.3 | 5.5.3.x |
| apache / tomcat | 5.5.32 | 5.5.32.x |
| apache / tomcat | 5.5.31 | 5.5.31.x |
| apache / tomcat | 5.5.9 | 5.5.9.x |
| apache / tomcat | 5.5.25 | 5.5.25.x |
| apache / tomcat | 5.5.33 | 5.5.33.x |
| apache / tomcat | 5.5.2 | 5.5.2.x |
| apache / tomcat | 5.5.0 | 5.5.0.x |
| apache / tomcat | 5.5.13 | 5.5.13.x |
| apache / tomcat | 5.5.24 | 5.5.24.x |
| apache / tomcat | 5.5.34 | 5.5.34.x |
| apache / tomcat | 5.5.8 | 5.5.8.x |
| apache / tomcat | 5.5.16 | 5.5.16.x |
| apache / tomcat | 5.5.17 | 5.5.17.x |
| apache / tomcat | 5.5.29 | 5.5.29.x |
| apache / tomcat | 5.5.19 | 5.5.19.x |
| apache / tomcat | 5.5.23 | 5.5.23.x |
| apache / tomcat | 6.0.33 | 6.0.33.x |
| apache / tomcat | 6.0.0-alpha | 6.0.0-alpha.x |
| apache / tomcat | 6.0.6 | 6.0.6.x |
| apache / tomcat | 6.0.4-alpha | 6.0.4-alpha.x |
| apache / tomcat | 6.0.11 | 6.0.11.x |
| apache / tomcat | 6.0.7 | 6.0.7.x |
| apache / tomcat | 6.0.4 | 6.0.4.x |
| apache / tomcat | 6.0.15 | 6.0.15.x |
| apache / tomcat | 6.0.20 | 6.0.20.x |
| apache / tomcat | 6.0.9-beta | 6.0.9-beta.x |
| apache / tomcat | 6.0.10 | 6.0.10.x |
| apache / tomcat | 6.0.31 | 6.0.31.x |
| apache / tomcat | 6.0.29 | 6.0.29.x |
| apache / tomcat | 6.0.3 | 6.0.3.x |
| apache / tomcat | 6.0.9 | 6.0.9.x |
| apache / tomcat | 6.0.1-alpha | 6.0.1-alpha.x |
| apache / tomcat | 6.0.7-alpha | 6.0.7-alpha.x |
| apache / tomcat | 6.0.24 | 6.0.24.x |
| apache / tomcat | 6.0.17 | 6.0.17.x |
| apache / tomcat | 6.0 | 6.0.x |
| apache / tomcat | 6.0.32 | 6.0.32.x |
| apache / tomcat | 6.0.28 | 6.0.28.x |
| apache / tomcat | 6.0.0 | 6.0.0.x |
| apache / tomcat | 6.0.14 | 6.0.14.x |
| apache / tomcat | 6.0.6-alpha | 6.0.6-alpha.x |
| apache / tomcat | 6.0.1 | 6.0.1.x |
| apache / tomcat | 6.0.12 | 6.0.12.x |
| apache / tomcat | 6.0.18 | 6.0.18.x |
| apache / tomcat | 6.0.2-alpha | 6.0.2-alpha.x |
| apache / tomcat | 6.0.5 | 6.0.5.x |
| apache / tomcat | 6.0.7-beta | 6.0.7-beta.x |
| apache / tomcat | 6.0.30 | 6.0.30.x |
| apache / tomcat | 6.0.2 | 6.0.2.x |
| apache / tomcat | 6.0.2-beta | 6.0.2-beta.x |
| apache / tomcat | 6.0.13 | 6.0.13.x |
| apache / tomcat | 6.0.8-alpha | 6.0.8-alpha.x |
| apache / tomcat | 6.0.26 | 6.0.26.x |
| apache / tomcat | 6.0.19 | 6.0.19.x |
| apache / tomcat | 6.0.27 | 6.0.27.x |
| apache / tomcat | 6.0.35 | 6.0.35.x |
| apache / tomcat | 6.0.16 | 6.0.16.x |
| apache / tomcat | 6.0.8 | 6.0.8.x |
| apache / tomcat | 7.0.2-beta | 7.0.2-beta.x |
| apache / tomcat | 7.0.12 | 7.0.12.x |
| apache / tomcat | 7.0.20 | 7.0.20.x |
| apache / tomcat | 7.0.8 | 7.0.8.x |
| apache / tomcat | 7.0.1 | 7.0.1.x |
| apache / tomcat | 7.0.2 | 7.0.2.x |
| apache / tomcat | 7.0.5 | 7.0.5.x |
| apache / tomcat | 7.0.4-beta | 7.0.4-beta.x |
| apache / tomcat | 7.0.22 | 7.0.22.x |
| apache / tomcat | 7.0.28 | 7.0.28.x |
| apache / tomcat | 7.0.0 | 7.0.0.x |
| apache / tomcat | 7.0.6 | 7.0.6.x |
| apache / tomcat | 7.0.18 | 7.0.18.x |
| apache / tomcat | 7.0.14 | 7.0.14.x |
| apache / tomcat | 7.0.11 | 7.0.11.x |
| apache / tomcat | 7.0.23 | 7.0.23.x |
| apache / tomcat | 7.0.0-beta | 7.0.0-beta.x |
| apache / tomcat | 7.0.7 | 7.0.7.x |
| apache / tomcat | 7.0.13 | 7.0.13.x |
| apache / tomcat | 7.0.15 | 7.0.15.x |
| apache / tomcat | 7.0.19 | 7.0.19.x |
| apache / tomcat | 7.0.16 | 7.0.16.x |
| apache / tomcat | 7.0.10 | 7.0.10.x |
| apache / tomcat | 7.0.25 | 7.0.25.x |
| apache / tomcat | 7.0.21 | 7.0.21.x |
| apache / tomcat | 7.0.17 | 7.0.17.x |
| apache / tomcat | 7.0.9 | 7.0.9.x |
| apache / tomcat | 7.0.4 | 7.0.4.x |
| apache / tomcat | 7.0.3 | 7.0.3.x |
org.apache.tomcat / tomcat
|
5.5.0 | 5.5.36 |
|
org.apache.tomcat / tomcat
|
6.0.0 | 6.0.36 |
|
org.apache.tomcat / tomcat
|
7.0.0 | 7.0.30 |
- http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
- http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
- http://rhn.redhat.com/errata/RHSA-2013-0623.html
- http://rhn.redhat.com/errata/RHSA-2013-0629.html
- http://rhn.redhat.com/errata/RHSA-2013-0631.html
- http://rhn.redhat.com/errata/RHSA-2013-0632.html
- http://rhn.redhat.com/errata/RHSA-2013-0633.html
- http://rhn.redhat.com/errata/RHSA-2013-0640.html
- http://rhn.redhat.com/errata/RHSA-2013-0647.html
- http://rhn.redhat.com/errata/RHSA-2013-0648.html
- http://rhn.redhat.com/errata/RHSA-2013-0726.html
- http://secunia.com/advisories/51371
- http://svn.apache.org/viewvc?view=revision&revision=1377807
- http://svn.apache.org/viewvc?view=revision&revision=1380829
- http://svn.apache.org/viewvc?view=revision&revision=1392248
- http://tomcat.apache.org/security-5.html
- http://tomcat.apache.org/security-6.html
- http://tomcat.apache.org/security-7.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21626891
- http://www.securityfocus.com/bid/56403
- http://www.ubuntu.com/usn/USN-1637-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80407