5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
71.7%
The Tomcat 6 DIGEST authentication functionality as used in Red Hat
Enterprise Linux 6 allows remote attackers to bypass intended access
restrictions by performing a replay attack after a nonce becomes stale.
NOTE: this issue is due to an incomplete fix for CVE-2012-5887.
Author | Note |
---|---|
mdeslaur | issue in redhat’s CVE-2012-5887 patch. |