Launchpad CVE tracker

CVE 2012-5885

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

Related bugs and status

CVE-2012-5885 (Candidate) is related to these bugs:

Bug #1115053: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10

		In	Importance	Status
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu)	Undecided	Fix Released
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu Oneiric)	Undecided	Fix Released
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu Precise)	Undecided	Fix Released
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu Raring)	Undecided	Fix Released
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu Quantal)	Undecided	Fix Released

Bug #1166649: Multiple open vulnerabilities in tomcat6 in quantal

		In	Importance	Status
1166649	Multiple open vulnerabilities in tomcat6 in quantal	tomcat6 (Ubuntu)	Undecided	Fix Released
1166649	Multiple open vulnerabilities in tomcat6 in quantal	tomcat6 (Ubuntu Quantal)	Undecided	Fix Released
1166649	Multiple open vulnerabilities in tomcat6 in quantal	tomcat6 (Ubuntu Saucy)	Undecided	Fix Released

Bug #1262204: tomact7 installation is confusing the user with home-directy. Tomcat is saying "directory will not be created"

Summary				In	Importance	Status
	1262204	tomact7 installation is confusing the user with home-directy. Tomcat is saying "directory will not be created"		tomcat7 (Ubuntu)	Low	New

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-5885

References