We found results for “”
CVE-2012-5886
Good to know:
Date: November 17, 2012
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
Language: Java
Severity Score
Related Resources (26)
Severity Score
Weakness Type (CWE)
Authentication Issues
CWE-287Top Fix
Upgrade Version
Upgrade to version org.apache.tomcat:catalina:6.0.36,org.apache.tomcat.embed:tomcat-embed-core:7.0.30,org.apache.tomcat:tomcat-catalina:7.0.l30
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | NONE |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | NONE |
Integrity (I): | PARTIAL |
Availability (A): | NONE |
Additional information: |