CVE-2012-5887
Improper Authentication in Apache Tomcat
EPSS 0.90%
Description
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
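The core of this issue is the order of checks in a Digest Access Authentication server: a nonce that is genuine but expired must only ever produce a new challenge (401 with `stale=true`), never grant access on its own, while the credential check must always run. The snippet below is an added illustration of that correct ordering and is not Tomcat's code; the HMAC-based nonce format, the 60-second lifetime, the `USERS` store and all function names are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed values for this illustration only; a real server loads these from its configuration.
SERVER_SECRET = b"example-server-secret-not-for-production"
NONCE_MAX_AGE = 60            # seconds a nonce stays fresh
USERS = {"alice": "s3cret"}   # constructed credential store
REALM = "example"

def make_nonce(now):
    """Nonce = timestamp:random:HMAC, so age and origin are verifiable without server state."""
    body = f"{int(now)}:{secrets.token_hex(8)}"
    tag = hmac.new(SERVER_SECRET, body.encode(), hashlib.sha256).hexdigest()[:16]
    return f"{body}:{tag}"

def nonce_state(nonce, now):
    """'valid', 'stale' (genuine but expired) or 'invalid' (forged or malformed)."""
    try:
        ts, rnd, tag = nonce.split(":")
        expect = hmac.new(SERVER_SECRET, f"{ts}:{rnd}".encode(), hashlib.sha256).hexdigest()[:16]
        if not hmac.compare_digest(tag, expect):
            return "invalid"
        return "valid" if int(now) - int(ts) <= NONCE_MAX_AGE else "stale"
    except ValueError:
        return "invalid"

def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, password, method, uri, nonce):
    """Client-side RFC 2617 response (no qop); used here only to build sample requests."""
    ha1 = _md5(f"{user}:{REALM}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")

def authenticate(user, method, uri, nonce, response, now):
    """Server-side check returning (authorized, stale). Credentials are always verified
    and a stale nonce never authorizes: a captured request replayed after expiry yields
    (False, True), i.e. a 401 with stale=true, never access."""
    password = USERS.get(user)
    creds_ok = password is not None and hmac.compare_digest(
        digest_response(user, password, method, uri, nonce), response)
    state = nonce_state(nonce, now)
    if state == "invalid" or not creds_ok:
        return (False, False)          # wrong or forged: re-challenge, client must re-prompt
    if state == "stale":
        return (False, True)           # right credentials, expired nonce: re-challenge with stale=true
    return (True, False)
```

Checking `creds_ok` before branching on `state` is what keeps a stale nonce from being treated as a substitute for valid credentials.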
How to fix CVE-2012-5887
To remediate CVE-2012-5887, upgrade the affected package to a fixed version below.
- Maven/org.apache.tomcat:tomcat—upgrade to 5.5.36 or later
Is CVE-2012-5887 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 5.5.0, < 5.5.36