csaf_redhat - RHSA-2013:0623

RHSA-2013:0623

Vulnerability from csaf_redhat

Published

2013-03-11 18:14

Modified

2025-02-02 19:37

Summary

Red Hat Security Advisory: tomcat6 security update

Notes

Topic

Updated tomcat6 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session. (CVE-2012-3546) A flaw was found in the way Tomcat handled sendfile operations when using the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker could use this flaw to cause a denial of service (infinite loop). The HTTP blocking IO (BIO) connector, which is not vulnerable to this issue, is used by default in Red Hat Enterprise Linux 6. (CVE-2012-4534) Multiple weaknesses were found in the Tomcat DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887) Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://access.redhat.com/security/updates/classification/",
         text: "Important",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright © Red Hat, Inc. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "Updated tomcat6 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
            title: "Topic",
         },
         {
            category: "general",
            text: "Apache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along with\nanother component that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. A remote attacker\nwith an authenticated session on an affected application could use this\nflaw to circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when using\nthe HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\ncould use this flaw to cause a denial of service (infinite loop). The HTTP\nblocking IO (BIO) connector, which is not vulnerable to this issue, is used\nby default in Red Hat Enterprise Linux 6. (CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which correct\nthese issues. Tomcat must be restarted for this update to take effect.",
            title: "Details",
         },
         {
            category: "legal_disclaimer",
            text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
            title: "Terms of Use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://access.redhat.com/security/team/contact/",
         issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
         name: "Red Hat Product Security",
         namespace: "https://www.redhat.com",
      },
      references: [
         {
            category: "self",
            summary: "https://access.redhat.com/errata/RHSA-2013:0623",
            url: "https://access.redhat.com/errata/RHSA-2013:0623",
         },
         {
            category: "external",
            summary: "https://access.redhat.com/security/updates/classification/#important",
            url: "https://access.redhat.com/security/updates/classification/#important",
         },
         {
            category: "external",
            summary: "http://tomcat.apache.org/security-6.html",
            url: "http://tomcat.apache.org/security-6.html",
         },
         {
            category: "external",
            summary: "873664",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=873664",
         },
         {
            category: "external",
            summary: "883634",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=883634",
         },
         {
            category: "external",
            summary: "883637",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=883637",
         },
         {
            category: "self",
            summary: "Canonical URL",
            url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0623.json",
         },
      ],
      title: "Red Hat Security Advisory: tomcat6 security update",
      tracking: {
         current_release_date: "2025-02-02T19:37:45+00:00",
         generator: {
            date: "2025-02-02T19:37:45+00:00",
            engine: {
               name: "Red Hat SDEngine",
               version: "4.2.6",
            },
         },
         id: "RHSA-2013:0623",
         initial_release_date: "2013-03-11T18:14:00+00:00",
         revision_history: [
            {
               date: "2013-03-11T18:14:00+00:00",
               number: "1",
               summary: "Initial version",
            },
            {
               date: "2013-03-11T19:31:54+00:00",
               number: "2",
               summary: "Last updated version",
            },
            {
               date: "2025-02-02T19:37:45+00:00",
               number: "3",
               summary: "Last generated version",
            },
         ],
         status: "final",
         version: "3",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Desktop Optional (v. 6)",
                        product: {
                           name: "Red Hat Enterprise Linux Desktop Optional (v. 6)",
                           product_id: "6Client-optional-6.4.z",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:6::client",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
                        product: {
                           name: "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
                           product_id: "6ComputeNode-optional-6.4.z",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:6::computenode",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Server (v. 6)",
                        product: {
                           name: "Red Hat Enterprise Linux Server (v. 6)",
                           product_id: "6Server-6.4.z",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:6::server",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Server Optional (v. 6)",
                        product: {
                           name: "Red Hat Enterprise Linux Server Optional (v. 6)",
                           product_id: "6Server-optional-6.4.z",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:6::server",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Workstation (v. 6)",
                        product: {
                           name: "Red Hat Enterprise Linux Workstation (v. 6)",
                           product_id: "6Workstation-6.4.z",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:6::workstation",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Workstation Optional (v. 6)",
                        product: {
                           name: "Red Hat Enterprise Linux Workstation Optional (v. 6)",
                           product_id: "6Workstation-optional-6.4.z",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:6::workstation",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "Red Hat Enterprise Linux",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                        product: {
                           name: "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                           product_id: "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.24-52.el6_4?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                        product: {
                           name: "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                           product_id: "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat6-javadoc@6.0.24-52.el6_4?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                        product: {
                           name: "tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                           product_id: "tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat6-webapps@6.0.24-52.el6_4?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                        product: {
                           name: "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                           product_id: "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.24-52.el6_4?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                        product: {
                           name: "tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                           product_id: "tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat6-lib@6.0.24-52.el6_4?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                        product: {
                           name: "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                           product_id: "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.24-52.el6_4?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat6-0:6.0.24-52.el6_4.noarch",
                        product: {
                           name: "tomcat6-0:6.0.24-52.el6_4.noarch",
                           product_id: "tomcat6-0:6.0.24-52.el6_4.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat6@6.0.24-52.el6_4?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                        product: {
                           name: "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                           product_id: "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.24-52.el6_4?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                        product: {
                           name: "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                           product_id: "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat6-el-2.1-api@6.0.24-52.el6_4?arch=noarch",
                           },
                        },
                     },
                  ],
                  category: "architecture",
                  name: "noarch",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "tomcat6-0:6.0.24-52.el6_4.src",
                        product: {
                           name: "tomcat6-0:6.0.24-52.el6_4.src",
                           product_id: "tomcat6-0:6.0.24-52.el6_4.src",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat6@6.0.24-52.el6_4?arch=src",
                           },
                        },
                     },
                  ],
                  category: "architecture",
                  name: "src",
               },
            ],
            category: "vendor",
            name: "Red Hat",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
               product_id: "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Client-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-0:6.0.24-52.el6_4.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
               product_id: "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
            },
            product_reference: "tomcat6-0:6.0.24-52.el6_4.src",
            relates_to_product_reference: "6Client-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
               product_id: "6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Client-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
               product_id: "6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Client-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
               product_id: "6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Client-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
               product_id: "6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Client-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
               product_id: "6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Client-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-lib-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
               product_id: "6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-lib-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Client-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
               product_id: "6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Client-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
               product_id: "6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Client-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
               product_id: "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6ComputeNode-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-0:6.0.24-52.el6_4.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
               product_id: "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
            },
            product_reference: "tomcat6-0:6.0.24-52.el6_4.src",
            relates_to_product_reference: "6ComputeNode-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
               product_id: "6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6ComputeNode-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
               product_id: "6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6ComputeNode-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
               product_id: "6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6ComputeNode-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
               product_id: "6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6ComputeNode-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
               product_id: "6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6ComputeNode-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-lib-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
               product_id: "6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-lib-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6ComputeNode-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
               product_id: "6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6ComputeNode-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
               product_id: "6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6ComputeNode-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
               product_id: "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Server-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-0:6.0.24-52.el6_4.src as a component of Red Hat Enterprise Linux Server (v. 6)",
               product_id: "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
            },
            product_reference: "tomcat6-0:6.0.24-52.el6_4.src",
            relates_to_product_reference: "6Server-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
               product_id: "6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Server-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
               product_id: "6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Server-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
               product_id: "6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Server-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
               product_id: "6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Server-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
               product_id: "6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Server-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-lib-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
               product_id: "6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-lib-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Server-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
               product_id: "6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Server-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
               product_id: "6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Server-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
               product_id: "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Server-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-0:6.0.24-52.el6_4.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
               product_id: "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
            },
            product_reference: "tomcat6-0:6.0.24-52.el6_4.src",
            relates_to_product_reference: "6Server-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
               product_id: "6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Server-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
               product_id: "6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Server-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
               product_id: "6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Server-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
               product_id: "6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Server-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
               product_id: "6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Server-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-lib-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
               product_id: "6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-lib-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Server-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
               product_id: "6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Server-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
               product_id: "6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Server-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
               product_id: "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Workstation-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-0:6.0.24-52.el6_4.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
               product_id: "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
            },
            product_reference: "tomcat6-0:6.0.24-52.el6_4.src",
            relates_to_product_reference: "6Workstation-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
               product_id: "6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Workstation-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
               product_id: "6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Workstation-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
               product_id: "6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Workstation-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
               product_id: "6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Workstation-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
               product_id: "6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Workstation-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-lib-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
               product_id: "6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-lib-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Workstation-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
               product_id: "6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Workstation-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
               product_id: "6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Workstation-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
               product_id: "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Workstation-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-0:6.0.24-52.el6_4.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
               product_id: "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
            },
            product_reference: "tomcat6-0:6.0.24-52.el6_4.src",
            relates_to_product_reference: "6Workstation-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
               product_id: "6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Workstation-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
               product_id: "6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Workstation-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
               product_id: "6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Workstation-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
               product_id: "6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Workstation-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
               product_id: "6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Workstation-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-lib-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
               product_id: "6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-lib-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Workstation-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
               product_id: "6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Workstation-optional-6.4.z",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat6-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
               product_id: "6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
            },
            product_reference: "tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
            relates_to_product_reference: "6Workstation-optional-6.4.z",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2012-3546",
         discovery_date: "2012-12-05T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "883634",
            },
         ],
         notes: [
            {
               category: "description",
               text: "org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "Web: Bypass of security constraints",
               title: "Vulnerability summary",
            },
            {
               category: "other",
               text: "Tomcat 5.5 has reached the end of its supported upstream life-cycle, and the Apache Tomcat project no longer tests security flaws to determine whether they affect Tomcat 5.5. Red Hat has tested tomcat 5.5 as shipped with Red Hat Enterprise Linux 5 and JBoss Enterprise Web Server 1, and found that it is affected by this flaw. Patches for tomcat 5.5 to address this flaw have been  provided.",
               title: "Statement",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2012-3546",
            },
            {
               category: "external",
               summary: "RHBZ#883634",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=883634",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2012-3546",
               url: "https://www.cve.org/CVERecord?id=CVE-2012-3546",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-3546",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2012-3546",
            },
         ],
         release_date: "2012-12-04T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2013-03-11T18:14:00+00:00",
               details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
               product_ids: [
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2013:0623",
            },
         ],
         scores: [
            {
               cvss_v2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  availabilityImpact: "NONE",
                  baseScore: 5.5,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N",
                  version: "2.0",
               },
               products: [
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Important",
            },
         ],
         title: "Web: Bypass of security constraints",
      },
      {
         cve: "CVE-2012-4534",
         discovery_date: "2012-12-05T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "883637",
            },
         ],
         notes: [
            {
               category: "description",
               text: "org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "Tomcat - Denial Of Service when using NIO+SSL+sendfile",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2012-4534",
            },
            {
               category: "external",
               summary: "RHBZ#883637",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=883637",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2012-4534",
               url: "https://www.cve.org/CVERecord?id=CVE-2012-4534",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-4534",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2012-4534",
            },
         ],
         release_date: "2012-12-04T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2013-03-11T18:14:00+00:00",
               details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
               product_ids: [
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2013:0623",
            },
         ],
         scores: [
            {
               cvss_v2: {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               products: [
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Moderate",
            },
         ],
         title: "Tomcat - Denial Of Service when using NIO+SSL+sendfile",
      },
      {
         cve: "CVE-2012-5885",
         discovery_date: "2012-11-05T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "873664",
            },
         ],
         notes: [
            {
               category: "description",
               text: "The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: three DIGEST authentication implementation issues",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2012-5885",
            },
            {
               category: "external",
               summary: "RHBZ#873664",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=873664",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2012-5885",
               url: "https://www.cve.org/CVERecord?id=CVE-2012-5885",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5885",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5885",
            },
         ],
         release_date: "2012-11-05T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2013-03-11T18:14:00+00:00",
               details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
               product_ids: [
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2013:0623",
            },
         ],
         scores: [
            {
               cvss_v2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               products: [
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Moderate",
            },
         ],
         title: "tomcat: three DIGEST authentication implementation issues",
      },
      {
         cve: "CVE-2012-5886",
         discovery_date: "2012-11-05T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "873664",
            },
         ],
         notes: [
            {
               category: "description",
               text: "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: three DIGEST authentication implementation issues",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2012-5886",
            },
            {
               category: "external",
               summary: "RHBZ#873664",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=873664",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2012-5886",
               url: "https://www.cve.org/CVERecord?id=CVE-2012-5886",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5886",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5886",
            },
         ],
         release_date: "2012-11-05T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2013-03-11T18:14:00+00:00",
               details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
               product_ids: [
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2013:0623",
            },
         ],
         scores: [
            {
               cvss_v2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               products: [
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Moderate",
            },
         ],
         title: "tomcat: three DIGEST authentication implementation issues",
      },
      {
         cve: "CVE-2012-5887",
         discovery_date: "2012-11-05T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "873664",
            },
         ],
         notes: [
            {
               category: "description",
               text: "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: three DIGEST authentication implementation issues",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
               "6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
               "6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2012-5887",
            },
            {
               category: "external",
               summary: "RHBZ#873664",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=873664",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2012-5887",
               url: "https://www.cve.org/CVERecord?id=CVE-2012-5887",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5887",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5887",
            },
         ],
         release_date: "2012-11-05T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2013-03-11T18:14:00+00:00",
               details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
               product_ids: [
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2013:0623",
            },
         ],
         scores: [
            {
               cvss_v2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               products: [
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
                  "6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
                  "6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Moderate",
            },
         ],
         title: "tomcat: three DIGEST authentication implementation issues",
      },
   ],
}

cve-2012-5885

Vulnerability from cvelistv5

Published

2012-11-17 19:00

Modified

2024-08-06 21:21

Severity ?

Summary

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21626891	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=136612293908376&w=2	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/51371	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19432	vdb-entry, signature, x_refsource_OVAL
	http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html	vendor-advisory, x_refsource_SUSE
	http://svn.apache.org/viewvc?view=revision&revision=1392248	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=136485229118404&w=2	vendor-advisory, x_refsource_HP
	http://rhn.redhat.com/errata/RHSA-2013-0631.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0640.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-1637-1	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/56403	vdb-entry, x_refsource_BID
	http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2013-0648.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0633.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0629.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0647.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0632.html	vendor-advisory, x_refsource_REDHAT
	http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1380829	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2013-0623.html	vendor-advisory, x_refsource_REDHAT
	http://tomcat.apache.org/security-5.html	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/80408	vdb-entry, x_refsource_XF
	http://marc.info/?l=bugtraq&m=136485229118404&w=2	vendor-advisory, x_refsource_HP
	http://svn.apache.org/viewvc?view=revision&revision=1377807	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=136612293908376&w=2	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2013-0726.html	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T21:21:27.917Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www-01.ibm.com/support/docview.wss?uid=swg21626891",
               },
               {
                  name: "SSRT101139",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
               },
               {
                  name: "51371",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/51371",
               },
               {
                  name: "oval:org.mitre.oval:def:19432",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19432",
               },
               {
                  name: "openSUSE-SU-2012:1700",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1392248",
               },
               {
                  name: "HPSBUX02860",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=136485229118404&w=2",
               },
               {
                  name: "RHSA-2013:0631",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0631.html",
               },
               {
                  name: "RHSA-2013:0640",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0640.html",
               },
               {
                  name: "USN-1637-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1637-1",
               },
               {
                  name: "56403",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/56403",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-7.html",
               },
               {
                  name: "RHSA-2013:0648",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0648.html",
               },
               {
                  name: "RHSA-2013:0633",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0633.html",
               },
               {
                  name: "RHSA-2013:0629",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0629.html",
               },
               {
                  name: "RHSA-2013:0647",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0647.html",
               },
               {
                  name: "RHSA-2013:0632",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0632.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-6.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1380829",
               },
               {
                  name: "openSUSE-SU-2013:0147",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html",
               },
               {
                  name: "RHSA-2013:0623",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0623.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-5.html",
               },
               {
                  name: "tomcat-replay-security-bypass(80408)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80408",
               },
               {
                  name: "SSRT101146",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=136485229118404&w=2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1377807",
               },
               {
                  name: "HPSBUX02866",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
               },
               {
                  name: "openSUSE-SU-2012:1701",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html",
               },
               {
                  name: "RHSA-2013:0726",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0726.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-11-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-09-18T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www-01.ibm.com/support/docview.wss?uid=swg21626891",
            },
            {
               name: "SSRT101139",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
            },
            {
               name: "51371",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/51371",
            },
            {
               name: "oval:org.mitre.oval:def:19432",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19432",
            },
            {
               name: "openSUSE-SU-2012:1700",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1392248",
            },
            {
               name: "HPSBUX02860",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=136485229118404&w=2",
            },
            {
               name: "RHSA-2013:0631",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0631.html",
            },
            {
               name: "RHSA-2013:0640",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0640.html",
            },
            {
               name: "USN-1637-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1637-1",
            },
            {
               name: "56403",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/56403",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-7.html",
            },
            {
               name: "RHSA-2013:0648",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0648.html",
            },
            {
               name: "RHSA-2013:0633",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0633.html",
            },
            {
               name: "RHSA-2013:0629",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0629.html",
            },
            {
               name: "RHSA-2013:0647",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0647.html",
            },
            {
               name: "RHSA-2013:0632",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0632.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-6.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1380829",
            },
            {
               name: "openSUSE-SU-2013:0147",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html",
            },
            {
               name: "RHSA-2013:0623",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0623.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-5.html",
            },
            {
               name: "tomcat-replay-security-bypass(80408)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80408",
            },
            {
               name: "SSRT101146",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=136485229118404&w=2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1377807",
            },
            {
               name: "HPSBUX02866",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
            },
            {
               name: "openSUSE-SU-2012:1701",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html",
            },
            {
               name: "RHSA-2013:0726",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0726.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2012-5885",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www-01.ibm.com/support/docview.wss?uid=swg21626891",
                     refsource: "CONFIRM",
                     url: "http://www-01.ibm.com/support/docview.wss?uid=swg21626891",
                  },
                  {
                     name: "SSRT101139",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
                  },
                  {
                     name: "51371",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/51371",
                  },
                  {
                     name: "oval:org.mitre.oval:def:19432",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19432",
                  },
                  {
                     name: "openSUSE-SU-2012:1700",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1392248",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1392248",
                  },
                  {
                     name: "HPSBUX02860",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=136485229118404&w=2",
                  },
                  {
                     name: "RHSA-2013:0631",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0631.html",
                  },
                  {
                     name: "RHSA-2013:0640",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0640.html",
                  },
                  {
                     name: "USN-1637-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-1637-1",
                  },
                  {
                     name: "56403",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/56403",
                  },
                  {
                     name: "http://tomcat.apache.org/security-7.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-7.html",
                  },
                  {
                     name: "RHSA-2013:0648",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0648.html",
                  },
                  {
                     name: "RHSA-2013:0633",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0633.html",
                  },
                  {
                     name: "RHSA-2013:0629",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0629.html",
                  },
                  {
                     name: "RHSA-2013:0647",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0647.html",
                  },
                  {
                     name: "RHSA-2013:0632",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0632.html",
                  },
                  {
                     name: "http://tomcat.apache.org/security-6.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-6.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1380829",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1380829",
                  },
                  {
                     name: "openSUSE-SU-2013:0147",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html",
                  },
                  {
                     name: "RHSA-2013:0623",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0623.html",
                  },
                  {
                     name: "http://tomcat.apache.org/security-5.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-5.html",
                  },
                  {
                     name: "tomcat-replay-security-bypass(80408)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80408",
                  },
                  {
                     name: "SSRT101146",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=136485229118404&w=2",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1377807",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1377807",
                  },
                  {
                     name: "HPSBUX02866",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
                  },
                  {
                     name: "openSUSE-SU-2012:1701",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html",
                  },
                  {
                     name: "RHSA-2013:0726",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0726.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2012-5885",
      datePublished: "2012-11-17T19:00:00",
      dateReserved: "2012-11-17T00:00:00",
      dateUpdated: "2024-08-06T21:21:27.917Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-4534

Vulnerability from cvelistv5

Published

2012-12-19 11:00

Modified

2024-08-06 20:42

Severity ?

Summary

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

References

▼	URL	Tags
	http://marc.info/?l=bugtraq&m=136612293908376&w=2	vendor-advisory, x_refsource_HP
	http://svn.apache.org/viewvc?view=revision&revision=1340218	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-1685-1	vendor-advisory, x_refsource_UBUNTU
	http://www.securitytracker.com/id?1027836	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html	vendor-advisory, x_refsource_SUSE
	https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878	vendor-advisory, x_refsource_HP
	https://issues.apache.org/bugzilla/show_bug.cgi?id=52858	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2013-01/msg00061.html	vendor-advisory, x_refsource_SUSE
	http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
	https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878	vendor-advisory, x_refsource_HP
	http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1340218&r2=1340217&pathrev=1340218	x_refsource_CONFIRM
	http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
	http://secunia.com/advisories/57126	third-party-advisory, x_refsource_SECUNIA
	http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1340218&r2=1340217&pathrev=1340218	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2013-0623.html	vendor-advisory, x_refsource_REDHAT
	http://archives.neohapsis.com/archives/bugtraq/2012-12/0043.html	mailing-list, x_refsource_BUGTRAQ
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19398	vdb-entry, signature, x_refsource_OVAL
	http://www.securityfocus.com/bid/56813	vdb-entry, x_refsource_BID
	http://marc.info/?l=bugtraq&m=136612293908376&w=2	vendor-advisory, x_refsource_HP
	http://marc.info/?l=bugtraq&m=139344343412337&w=2	vendor-advisory, x_refsource_HP

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T20:42:54.556Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "SSRT101139",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1340218",
               },
               {
                  name: "openSUSE-SU-2013:0161",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html",
               },
               {
                  name: "USN-1685-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1685-1",
               },
               {
                  name: "1027836",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1027836",
               },
               {
                  name: "openSUSE-SU-2013:0192",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html",
               },
               {
                  name: "SSRT101182",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://issues.apache.org/bugzilla/show_bug.cgi?id=52858",
               },
               {
                  name: "openSUSE-SU-2013:0170",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00061.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-7.html",
               },
               {
                  name: "HPSBMU02873",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1340218&r2=1340217&pathrev=1340218",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-6.html",
               },
               {
                  name: "57126",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57126",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1340218&r2=1340217&pathrev=1340218",
               },
               {
                  name: "RHSA-2013:0623",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0623.html",
               },
               {
                  name: "20121204 CVE-2012-4534 Apache Tomcat denial of service",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2012-12/0043.html",
               },
               {
                  name: "oval:org.mitre.oval:def:19398",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19398",
               },
               {
                  name: "56813",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/56813",
               },
               {
                  name: "HPSBUX02866",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
               },
               {
                  name: "HPSBST02955",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=139344343412337&w=2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-12-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-09-18T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "SSRT101139",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1340218",
            },
            {
               name: "openSUSE-SU-2013:0161",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html",
            },
            {
               name: "USN-1685-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1685-1",
            },
            {
               name: "1027836",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1027836",
            },
            {
               name: "openSUSE-SU-2013:0192",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html",
            },
            {
               name: "SSRT101182",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://issues.apache.org/bugzilla/show_bug.cgi?id=52858",
            },
            {
               name: "openSUSE-SU-2013:0170",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00061.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-7.html",
            },
            {
               name: "HPSBMU02873",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1340218&r2=1340217&pathrev=1340218",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-6.html",
            },
            {
               name: "57126",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57126",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1340218&r2=1340217&pathrev=1340218",
            },
            {
               name: "RHSA-2013:0623",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0623.html",
            },
            {
               name: "20121204 CVE-2012-4534 Apache Tomcat denial of service",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2012-12/0043.html",
            },
            {
               name: "oval:org.mitre.oval:def:19398",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19398",
            },
            {
               name: "56813",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/56813",
            },
            {
               name: "HPSBUX02866",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
            },
            {
               name: "HPSBST02955",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=139344343412337&w=2",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-4534",
      datePublished: "2012-12-19T11:00:00",
      dateReserved: "2012-08-21T00:00:00",
      dateUpdated: "2024-08-06T20:42:54.556Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-3546

Vulnerability from cvelistv5

Published

2012-12-19 11:00

Modified

2024-08-06 20:13

Severity ?

Summary

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

References

▼	URL	Tags
	http://marc.info/?l=bugtraq&m=136612293908376&w=2	vendor-advisory, x_refsource_HP
	http://www.securitytracker.com/id?1027833	vdb-entry, x_refsource_SECTRACK
	http://www.ubuntu.com/usn/USN-1685-1	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/56812	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html	vendor-advisory, x_refsource_SUSE
	http://svn.apache.org/viewvc?view=revision&revision=1377892	x_refsource_CONFIRM
	http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2013-0640.html	vendor-advisory, x_refsource_REDHAT
	http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2013-0163.html	vendor-advisory, x_refsource_REDHAT
	https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878	vendor-advisory, x_refsource_HP
	http://rhn.redhat.com/errata/RHSA-2013-0164.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0192.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0198.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0641.html	vendor-advisory, x_refsource_REDHAT
	http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html	mailing-list, x_refsource_BUGTRAQ
	http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2013-0004.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0195.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0221.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0196.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0147.html	vendor-advisory, x_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305	vdb-entry, signature, x_refsource_OVAL
	https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878	vendor-advisory, x_refsource_HP
	http://rhn.redhat.com/errata/RHSA-2013-0158.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0193.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0157.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/51984	third-party-advisory, x_refsource_SECUNIA
	http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
	http://secunia.com/advisories/52054	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/57126	third-party-advisory, x_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2013-0146.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2013-0191.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0623.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0197.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0235.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0642.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0194.html	vendor-advisory, x_refsource_REDHAT
	http://marc.info/?l=bugtraq&m=136612293908376&w=2	vendor-advisory, x_refsource_HP
	http://rhn.redhat.com/errata/RHSA-2013-0005.html	vendor-advisory, x_refsource_REDHAT
	http://marc.info/?l=bugtraq&m=139344343412337&w=2	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2013-0162.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0151.html	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T20:13:50.128Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "SSRT101139",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
               },
               {
                  name: "1027833",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1027833",
               },
               {
                  name: "USN-1685-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1685-1",
               },
               {
                  name: "56812",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/56812",
               },
               {
                  name: "openSUSE-SU-2012:1700",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1377892",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892",
               },
               {
                  name: "RHSA-2013:0640",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0640.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892",
               },
               {
                  name: "RHSA-2013:0163",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0163.html",
               },
               {
                  name: "SSRT101182",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878",
               },
               {
                  name: "RHSA-2013:0164",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0164.html",
               },
               {
                  name: "RHSA-2013:0192",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0192.html",
               },
               {
                  name: "RHSA-2013:0198",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0198.html",
               },
               {
                  name: "RHSA-2013:0641",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0641.html",
               },
               {
                  name: "20121204 CVE-2012-3546 Apache Tomcat Bypass of security constraints",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-7.html",
               },
               {
                  name: "RHSA-2013:0004",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0004.html",
               },
               {
                  name: "RHSA-2013:0195",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0195.html",
               },
               {
                  name: "RHSA-2013:0221",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0221.html",
               },
               {
                  name: "RHSA-2013:0196",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0196.html",
               },
               {
                  name: "RHSA-2013:0147",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0147.html",
               },
               {
                  name: "oval:org.mitre.oval:def:19305",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305",
               },
               {
                  name: "HPSBMU02873",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878",
               },
               {
                  name: "RHSA-2013:0158",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0158.html",
               },
               {
                  name: "RHSA-2013:0193",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0193.html",
               },
               {
                  name: "RHSA-2013:0157",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0157.html",
               },
               {
                  name: "51984",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/51984",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-6.html",
               },
               {
                  name: "52054",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/52054",
               },
               {
                  name: "57126",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57126",
               },
               {
                  name: "RHSA-2013:0146",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0146.html",
               },
               {
                  name: "openSUSE-SU-2013:0147",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html",
               },
               {
                  name: "RHSA-2013:0191",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0191.html",
               },
               {
                  name: "RHSA-2013:0623",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0623.html",
               },
               {
                  name: "RHSA-2013:0197",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0197.html",
               },
               {
                  name: "RHSA-2013:0235",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0235.html",
               },
               {
                  name: "RHSA-2013:0642",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0642.html",
               },
               {
                  name: "RHSA-2013:0194",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0194.html",
               },
               {
                  name: "HPSBUX02866",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
               },
               {
                  name: "RHSA-2013:0005",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0005.html",
               },
               {
                  name: "HPSBST02955",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=139344343412337&w=2",
               },
               {
                  name: "openSUSE-SU-2012:1701",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html",
               },
               {
                  name: "RHSA-2013:0162",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0162.html",
               },
               {
                  name: "RHSA-2013:0151",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0151.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-12-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-09-18T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "SSRT101139",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
            },
            {
               name: "1027833",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1027833",
            },
            {
               name: "USN-1685-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1685-1",
            },
            {
               name: "56812",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/56812",
            },
            {
               name: "openSUSE-SU-2012:1700",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1377892",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892",
            },
            {
               name: "RHSA-2013:0640",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0640.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892",
            },
            {
               name: "RHSA-2013:0163",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0163.html",
            },
            {
               name: "SSRT101182",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878",
            },
            {
               name: "RHSA-2013:0164",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0164.html",
            },
            {
               name: "RHSA-2013:0192",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0192.html",
            },
            {
               name: "RHSA-2013:0198",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0198.html",
            },
            {
               name: "RHSA-2013:0641",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0641.html",
            },
            {
               name: "20121204 CVE-2012-3546 Apache Tomcat Bypass of security constraints",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-7.html",
            },
            {
               name: "RHSA-2013:0004",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0004.html",
            },
            {
               name: "RHSA-2013:0195",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0195.html",
            },
            {
               name: "RHSA-2013:0221",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0221.html",
            },
            {
               name: "RHSA-2013:0196",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0196.html",
            },
            {
               name: "RHSA-2013:0147",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0147.html",
            },
            {
               name: "oval:org.mitre.oval:def:19305",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305",
            },
            {
               name: "HPSBMU02873",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878",
            },
            {
               name: "RHSA-2013:0158",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0158.html",
            },
            {
               name: "RHSA-2013:0193",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0193.html",
            },
            {
               name: "RHSA-2013:0157",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0157.html",
            },
            {
               name: "51984",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/51984",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-6.html",
            },
            {
               name: "52054",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/52054",
            },
            {
               name: "57126",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57126",
            },
            {
               name: "RHSA-2013:0146",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0146.html",
            },
            {
               name: "openSUSE-SU-2013:0147",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html",
            },
            {
               name: "RHSA-2013:0191",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0191.html",
            },
            {
               name: "RHSA-2013:0623",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0623.html",
            },
            {
               name: "RHSA-2013:0197",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0197.html",
            },
            {
               name: "RHSA-2013:0235",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0235.html",
            },
            {
               name: "RHSA-2013:0642",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0642.html",
            },
            {
               name: "RHSA-2013:0194",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0194.html",
            },
            {
               name: "HPSBUX02866",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
            },
            {
               name: "RHSA-2013:0005",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0005.html",
            },
            {
               name: "HPSBST02955",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=139344343412337&w=2",
            },
            {
               name: "openSUSE-SU-2012:1701",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html",
            },
            {
               name: "RHSA-2013:0162",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0162.html",
            },
            {
               name: "RHSA-2013:0151",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0151.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-3546",
      datePublished: "2012-12-19T11:00:00",
      dateReserved: "2012-06-14T00:00:00",
      dateUpdated: "2024-08-06T20:13:50.128Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-5886

Vulnerability from cvelistv5

Published

2012-11-17 19:00

Modified

2024-08-06 21:21

Severity ?

Summary

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21626891	x_refsource_CONFIRM
	http://secunia.com/advisories/51371	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html	vendor-advisory, x_refsource_SUSE
	http://svn.apache.org/viewvc?view=revision&revision=1392248	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2013-0631.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0640.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-1637-1	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/56403	vdb-entry, x_refsource_BID
	http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2013-0648.html	vendor-advisory, x_refsource_REDHAT
	https://exchange.xforce.ibmcloud.com/vulnerabilities/80407	vdb-entry, x_refsource_XF
	http://rhn.redhat.com/errata/RHSA-2013-0633.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0629.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0647.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0632.html	vendor-advisory, x_refsource_REDHAT
	http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1380829	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2013-0623.html	vendor-advisory, x_refsource_REDHAT
	http://tomcat.apache.org/security-5.html	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1377807	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2013-0726.html	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T21:21:27.875Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www-01.ibm.com/support/docview.wss?uid=swg21626891",
               },
               {
                  name: "51371",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/51371",
               },
               {
                  name: "openSUSE-SU-2012:1700",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1392248",
               },
               {
                  name: "RHSA-2013:0631",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0631.html",
               },
               {
                  name: "RHSA-2013:0640",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0640.html",
               },
               {
                  name: "USN-1637-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1637-1",
               },
               {
                  name: "56403",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/56403",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-7.html",
               },
               {
                  name: "RHSA-2013:0648",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0648.html",
               },
               {
                  name: "tomcat-http-Digest-security-bypass(80407)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80407",
               },
               {
                  name: "RHSA-2013:0633",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0633.html",
               },
               {
                  name: "RHSA-2013:0629",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0629.html",
               },
               {
                  name: "RHSA-2013:0647",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0647.html",
               },
               {
                  name: "RHSA-2013:0632",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0632.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-6.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1380829",
               },
               {
                  name: "openSUSE-SU-2013:0147",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html",
               },
               {
                  name: "RHSA-2013:0623",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0623.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-5.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1377807",
               },
               {
                  name: "openSUSE-SU-2012:1701",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html",
               },
               {
                  name: "RHSA-2013:0726",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0726.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-11-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www-01.ibm.com/support/docview.wss?uid=swg21626891",
            },
            {
               name: "51371",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/51371",
            },
            {
               name: "openSUSE-SU-2012:1700",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1392248",
            },
            {
               name: "RHSA-2013:0631",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0631.html",
            },
            {
               name: "RHSA-2013:0640",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0640.html",
            },
            {
               name: "USN-1637-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1637-1",
            },
            {
               name: "56403",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/56403",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-7.html",
            },
            {
               name: "RHSA-2013:0648",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0648.html",
            },
            {
               name: "tomcat-http-Digest-security-bypass(80407)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80407",
            },
            {
               name: "RHSA-2013:0633",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0633.html",
            },
            {
               name: "RHSA-2013:0629",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0629.html",
            },
            {
               name: "RHSA-2013:0647",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0647.html",
            },
            {
               name: "RHSA-2013:0632",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0632.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-6.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1380829",
            },
            {
               name: "openSUSE-SU-2013:0147",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html",
            },
            {
               name: "RHSA-2013:0623",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0623.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-5.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1377807",
            },
            {
               name: "openSUSE-SU-2012:1701",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html",
            },
            {
               name: "RHSA-2013:0726",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0726.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2012-5886",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www-01.ibm.com/support/docview.wss?uid=swg21626891",
                     refsource: "CONFIRM",
                     url: "http://www-01.ibm.com/support/docview.wss?uid=swg21626891",
                  },
                  {
                     name: "51371",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/51371",
                  },
                  {
                     name: "openSUSE-SU-2012:1700",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1392248",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1392248",
                  },
                  {
                     name: "RHSA-2013:0631",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0631.html",
                  },
                  {
                     name: "RHSA-2013:0640",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0640.html",
                  },
                  {
                     name: "USN-1637-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-1637-1",
                  },
                  {
                     name: "56403",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/56403",
                  },
                  {
                     name: "http://tomcat.apache.org/security-7.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-7.html",
                  },
                  {
                     name: "RHSA-2013:0648",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0648.html",
                  },
                  {
                     name: "tomcat-http-Digest-security-bypass(80407)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80407",
                  },
                  {
                     name: "RHSA-2013:0633",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0633.html",
                  },
                  {
                     name: "RHSA-2013:0629",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0629.html",
                  },
                  {
                     name: "RHSA-2013:0647",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0647.html",
                  },
                  {
                     name: "RHSA-2013:0632",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0632.html",
                  },
                  {
                     name: "http://tomcat.apache.org/security-6.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-6.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1380829",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1380829",
                  },
                  {
                     name: "openSUSE-SU-2013:0147",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html",
                  },
                  {
                     name: "RHSA-2013:0623",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0623.html",
                  },
                  {
                     name: "http://tomcat.apache.org/security-5.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-5.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1377807",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1377807",
                  },
                  {
                     name: "openSUSE-SU-2012:1701",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html",
                  },
                  {
                     name: "RHSA-2013:0726",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0726.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2012-5886",
      datePublished: "2012-11-17T19:00:00",
      dateReserved: "2012-11-17T00:00:00",
      dateUpdated: "2024-08-06T21:21:27.875Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-5887

Vulnerability from cvelistv5

Published

2012-11-17 19:00

Modified

2024-08-06 21:21

Severity ?

Summary

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21626891	x_refsource_CONFIRM
	http://secunia.com/advisories/51371	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html	vendor-advisory, x_refsource_SUSE
	http://svn.apache.org/viewvc?view=revision&revision=1392248	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2013-0631.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0640.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-1637-1	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/56403	vdb-entry, x_refsource_BID
	http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2013-0648.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0633.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0629.html	vendor-advisory, x_refsource_REDHAT
	https://exchange.xforce.ibmcloud.com/vulnerabilities/79809	vdb-entry, x_refsource_XF
	http://rhn.redhat.com/errata/RHSA-2013-0647.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0632.html	vendor-advisory, x_refsource_REDHAT
	http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1380829	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2013-0623.html	vendor-advisory, x_refsource_REDHAT
	http://tomcat.apache.org/security-5.html	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1377807	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2013-0726.html	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T21:21:27.681Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www-01.ibm.com/support/docview.wss?uid=swg21626891",
               },
               {
                  name: "51371",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/51371",
               },
               {
                  name: "openSUSE-SU-2012:1700",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1392248",
               },
               {
                  name: "RHSA-2013:0631",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0631.html",
               },
               {
                  name: "RHSA-2013:0640",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0640.html",
               },
               {
                  name: "USN-1637-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1637-1",
               },
               {
                  name: "56403",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/56403",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-7.html",
               },
               {
                  name: "RHSA-2013:0648",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0648.html",
               },
               {
                  name: "RHSA-2013:0633",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0633.html",
               },
               {
                  name: "RHSA-2013:0629",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0629.html",
               },
               {
                  name: "tomcat-digest-security-bypass(79809)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79809",
               },
               {
                  name: "RHSA-2013:0647",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0647.html",
               },
               {
                  name: "RHSA-2013:0632",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0632.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-6.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1380829",
               },
               {
                  name: "openSUSE-SU-2013:0147",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html",
               },
               {
                  name: "RHSA-2013:0623",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0623.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-5.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1377807",
               },
               {
                  name: "openSUSE-SU-2012:1701",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html",
               },
               {
                  name: "RHSA-2013:0726",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0726.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-11-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www-01.ibm.com/support/docview.wss?uid=swg21626891",
            },
            {
               name: "51371",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/51371",
            },
            {
               name: "openSUSE-SU-2012:1700",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1392248",
            },
            {
               name: "RHSA-2013:0631",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0631.html",
            },
            {
               name: "RHSA-2013:0640",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0640.html",
            },
            {
               name: "USN-1637-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1637-1",
            },
            {
               name: "56403",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/56403",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-7.html",
            },
            {
               name: "RHSA-2013:0648",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0648.html",
            },
            {
               name: "RHSA-2013:0633",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0633.html",
            },
            {
               name: "RHSA-2013:0629",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0629.html",
            },
            {
               name: "tomcat-digest-security-bypass(79809)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79809",
            },
            {
               name: "RHSA-2013:0647",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0647.html",
            },
            {
               name: "RHSA-2013:0632",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0632.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-6.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1380829",
            },
            {
               name: "openSUSE-SU-2013:0147",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html",
            },
            {
               name: "RHSA-2013:0623",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0623.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-5.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1377807",
            },
            {
               name: "openSUSE-SU-2012:1701",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html",
            },
            {
               name: "RHSA-2013:0726",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0726.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2012-5887",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www-01.ibm.com/support/docview.wss?uid=swg21626891",
                     refsource: "CONFIRM",
                     url: "http://www-01.ibm.com/support/docview.wss?uid=swg21626891",
                  },
                  {
                     name: "51371",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/51371",
                  },
                  {
                     name: "openSUSE-SU-2012:1700",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1392248",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1392248",
                  },
                  {
                     name: "RHSA-2013:0631",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0631.html",
                  },
                  {
                     name: "RHSA-2013:0640",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0640.html",
                  },
                  {
                     name: "USN-1637-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-1637-1",
                  },
                  {
                     name: "56403",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/56403",
                  },
                  {
                     name: "http://tomcat.apache.org/security-7.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-7.html",
                  },
                  {
                     name: "RHSA-2013:0648",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0648.html",
                  },
                  {
                     name: "RHSA-2013:0633",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0633.html",
                  },
                  {
                     name: "RHSA-2013:0629",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0629.html",
                  },
                  {
                     name: "tomcat-digest-security-bypass(79809)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79809",
                  },
                  {
                     name: "RHSA-2013:0647",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0647.html",
                  },
                  {
                     name: "RHSA-2013:0632",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0632.html",
                  },
                  {
                     name: "http://tomcat.apache.org/security-6.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-6.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1380829",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1380829",
                  },
                  {
                     name: "openSUSE-SU-2013:0147",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html",
                  },
                  {
                     name: "RHSA-2013:0623",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0623.html",
                  },
                  {
                     name: "http://tomcat.apache.org/security-5.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-5.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1377807",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1377807",
                  },
                  {
                     name: "openSUSE-SU-2012:1701",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html",
                  },
                  {
                     name: "RHSA-2013:0726",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0726.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2012-5887",
      datePublished: "2012-11-17T19:00:00",
      dateReserved: "2012-11-17T00:00:00",
      dateUpdated: "2024-08-06T21:21:27.681Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

RHSA-2013:0623

Vulnerability from csaf_redhat

cve-2012-5885

Vulnerability from cvelistv5

cve-2012-4534

Vulnerability from cvelistv5

cve-2012-3546

Vulnerability from cvelistv5

cve-2012-5886

Vulnerability from cvelistv5

cve-2012-5887

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature