CVE-2012-5885

NameCVE-2012-5885
DescriptionThe replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
NVD severitymedium (attack range: remote)
Debian Bugs692439, 692440
Debian/oldoldstablenot vulnerable.
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tomcat6 (PTS)squeeze, squeeze (security)6.0.35-1+squeeze4fixed
squeeze (lts)6.0.41-2+squeeze7fixed
wheezy (security), wheezy6.0.35-6+deb7u1fixed
jessie6.0.41-3fixed
stretch, sid6.0.41-4fixed
tomcat7 (PTS)wheezy (security), wheezy7.0.28-4+deb7u1fixed
jessie7.0.56-3fixed
stretch7.0.63-1fixed
sid7.0.64-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tomcat6source(unstable)6.0.35-5+nmu1medium692439
tomcat6sourcesqueeze6.0.35-1+squeeze3medium
tomcat7source(unstable)7.0.28-3+nmu1medium692440

Notes

DSA 2725

Search for package or bug name: Reporting problems