CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

EPSS: 0.003 Low (Percentile 71.7%)

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x
before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information
about the authenticated user within the session state, which makes it
easier for remote attackers to bypass authentication via vectors related to
the session ID.
Author | Note |
---|---|
mdeslaur | This was originally called CVE-2012-3439; same fix as CVE-2012-5885 |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | tomcat6 | < 6.0.24-2ubuntu1.11 | UNKNOWN |
ubuntu | 11.10 | noarch | tomcat6 | < 6.0.32-5ubuntu1.3 | UNKNOWN |
ubuntu | 12.04 | noarch | tomcat6 | < 6.0.35-1ubuntu3.1 | UNKNOWN |
ubuntu | 12.10 | noarch | tomcat6 | < 6.0.35-5ubuntu0.1 | UNKNOWN |
ubuntu | 11.10 | noarch | tomcat7 | < 7.0.21-1ubuntu0.1 | UNKNOWN |
ubuntu | 12.04 | noarch | tomcat7 | < 7.0.26-1ubuntu1.2 | UNKNOWN |