CVE-2012-5887

N/A Unknown
Published: November 17, 2012 Modified: October 30, 2025

Description

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

References to Advisories, Solutions, and Tools

http://rhn.redhat.com/errata/RHSA-2013-0623.html
Source: cve@mitre.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0629.html
Source: cve@mitre.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0631.html
Source: cve@mitre.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0632.html
Source: cve@mitre.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0633.html
Source: cve@mitre.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0640.html
Source: cve@mitre.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0647.html
Source: cve@mitre.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0648.html
Source: cve@mitre.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0726.html
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/51371
Source: cve@mitre.org
Broken Link
http://svn.apache.org/viewvc?view=revision&revision=1377807
Source: cve@mitre.org
Permissions Required
http://svn.apache.org/viewvc?view=revision&revision=1380829
Source: cve@mitre.org
Permissions Required
http://svn.apache.org/viewvc?view=revision&revision=1392248
Source: cve@mitre.org
Permissions Required
http://tomcat.apache.org/security-5.html
Source: cve@mitre.org
Vendor Advisory
http://tomcat.apache.org/security-6.html
Source: cve@mitre.org
Vendor Advisory
http://tomcat.apache.org/security-7.html
Source: cve@mitre.org
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21626891
Source: cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/56403
Source: cve@mitre.org
Broken Link
http://www.ubuntu.com/usn/USN-1637-1
Source: cve@mitre.org
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/79809
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0623.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0629.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0631.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0632.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0633.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0640.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0647.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0648.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0726.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/51371
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://svn.apache.org/viewvc?view=revision&revision=1377807
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
http://svn.apache.org/viewvc?view=revision&revision=1380829
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
http://svn.apache.org/viewvc?view=revision&revision=1392248
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
http://tomcat.apache.org/security-5.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://tomcat.apache.org/security-6.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://tomcat.apache.org/security-7.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21626891
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/56403
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.ubuntu.com/usn/USN-1637-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/79809
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry

46 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.8%
74th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

apache