Vulnerability & Exploit Database

Displaying entries 21 - 29 of 29 in total

Results for: CVE-2013-5887

ELSA-2013-0640 Important: Oracle Linux tomcat5 security update Vulnerability

  • Severity: 5
  • Published: November 17, 2012

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network...

ELSA-2013-0623 Important: Oracle Linux tomcat6 security update Vulnerability

  • Severity: 5
  • Published: November 17, 2012

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network...

Gentoo Linux: CVE-2012-5887: Apache Tomcat: Multiple vulnerabilities Vulnerability

  • Severity: 5
  • Published: November 17, 2012

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network...

CentOS: CVE-2012-5887: CESA-2013:0640 (tomcat5) Vulnerability

  • Severity: 5
  • Published: November 17, 2012

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network...

Apache Tomcat: (CVE-2012-5887) Vulnerability

  • Severity: 5
  • Published: November 17, 2012

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network...

Sun Patch: SunOS 5.9_x86: tomcat security patch Vulnerability

  • Severity: 8
  • Published: July 13, 2010

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

Sun Patch: SunOS 5.9: tomcat security patch Vulnerability

  • Severity: 8
  • Published: July 13, 2010

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

Sun Patch: SunOS 5.10_x86: Apache 1.3 Patch Vulnerability

  • Severity: 8
  • Published: July 28, 2006

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly ha...

Sun Patch: SunOS 5.10: Apache 1.3 Patch Vulnerability

  • Severity: 8
  • Published: July 28, 2006

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly ha...