Rapid7 Vulnerability & Exploit Database

USN-1637-1: Tomcat vulnerabilities

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

USN-1637-1: Tomcat vulnerabilities

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

11/17/2012

Created

07/25/2018

Added

05/06/2013

Modified

07/09/2020

Description

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

Solution(s)

ubuntu-upgrade-libtomcat6-java

References

https://attackerkb.com/topics/cve-2012-2733
56402
56403
CVE - 2012-2733
CVE - 2012-5885
CVE - 2012-5886
CVE - 2012-5887
OVAL19218
OVAL19432
RHSA-2013:0623
RHSA-2013:0629
RHSA-2013:0631
RHSA-2013:0632
RHSA-2013:0633
RHSA-2013:0640
RHSA-2013:0647
RHSA-2013:0648
RHSA-2013:0726
USN-1637-1
79809
80407
80408

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;