Moderate severity · NVD Advisory · Published Nov 17, 2012 · Updated Jun 16, 2026
CVE-2012-5887
Description
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.tomcat:tomcat (Maven) | >= 5.5.0, < 5.5.36 | 5.5.36 |
| org.apache.tomcat:tomcat (Maven) | >= 6.0.0, < 6.0.36 | 6.0.36 |
| org.apache.tomcat:tomcat (Maven) | >= 7.0.0, < 7.0.30 | 7.0.30 |
References (25)
- lists.opensuse.org/opensuse-updates/2012-12/msg00089.html (nvd; Third Party Advisory; WEB)
- lists.opensuse.org/opensuse-updates/2012-12/msg00090.html (nvd; Third Party Advisory; WEB)
- lists.opensuse.org/opensuse-updates/2013-01/msg00037.html (nvd; Third Party Advisory; WEB)
- rhn.redhat.com/errata/RHSA-2013-0623.html (nvd; Third Party Advisory; WEB)
- rhn.redhat.com/errata/RHSA-2013-0629.html (nvd; Third Party Advisory; WEB)
- rhn.redhat.com/errata/RHSA-2013-0631.html (nvd; Third Party Advisory; WEB)
- rhn.redhat.com/errata/RHSA-2013-0632.html (nvd; Third Party Advisory; WEB)
- rhn.redhat.com/errata/RHSA-2013-0633.html (nvd; Third Party Advisory)
- rhn.redhat.com/errata/RHSA-2013-0640.html (nvd; Third Party Advisory; WEB)
- rhn.redhat.com/errata/RHSA-2013-0647.html (nvd; Third Party Advisory; WEB)
- rhn.redhat.com/errata/RHSA-2013-0648.html (nvd; Third Party Advisory; WEB)
- rhn.redhat.com/errata/RHSA-2013-0726.html (nvd; Third Party Advisory; WEB)
- tomcat.apache.org/security-5.html (nvd; Vendor Advisory; WEB)
- tomcat.apache.org/security-6.html (nvd; Vendor Advisory; WEB)
- tomcat.apache.org/security-7.html (nvd; Vendor Advisory; WEB)
- www-01.ibm.com/support/docview.wss (nvd; Third Party Advisory; WEB)
- www.ubuntu.com/usn/USN-1637-1 (nvd; Third Party Advisory; WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/79809 (nvd; Third Party Advisory, VDB Entry; WEB)
- github.com/advisories/GHSA-28cq-6rmx-pjq4 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2012-5887 (ghsa; ADVISORY)
- secunia.com/advisories/51371 (nvd; Broken Link)
- svn.apache.org/viewvc (nvd; Permissions Required; WEB)
- svn.apache.org/viewvc (nvd; Permissions Required; WEB)
- svn.apache.org/viewvc (nvd; Permissions Required; WEB)
- www.securityfocus.com/bid/56403 (nvd; Broken Link)