#VU64536 Permissions, Privileges, and Access Controls in Apache Tomcat - CVE-2012-5885

Description

The vulnerability allows a remote attacker to bypass intended access restrictions.

The vulnerability exists due to replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values. A remote attacker can bypass intended access restrictions by sniffing the network for valid requests

Remediation

External links

• http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
• http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
• http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
• http://marc.info/?l=bugtraq&m=136485229118404&w=2
• http://marc.info/?l=bugtraq&m=136612293908376&w=2
• http://rhn.redhat.com/errata/RHSA-2013-0623.html
• http://rhn.redhat.com/errata/RHSA-2013-0629.html
• http://rhn.redhat.com/errata/RHSA-2013-0631.html
• http://rhn.redhat.com/errata/RHSA-2013-0632.html
• http://rhn.redhat.com/errata/RHSA-2013-0633.html
• http://rhn.redhat.com/errata/RHSA-2013-0640.html
• http://rhn.redhat.com/errata/RHSA-2013-0647.html
• http://rhn.redhat.com/errata/RHSA-2013-0648.html
• http://rhn.redhat.com/errata/RHSA-2013-0726.html
• http://secunia.com/advisories/51371
• http://svn.apache.org/viewvc?view=revision&revision=1377807
• http://svn.apache.org/viewvc?view=revision&revision=1380829
• http://svn.apache.org/viewvc?view=revision&revision=1392248
• http://tomcat.apache.org/security-5.html
• http://tomcat.apache.org/security-6.html
• http://tomcat.apache.org/security-7.html
• http://www.securityfocus.com/bid/56403
• http://www.ubuntu.com/usn/USN-1637-1
• http://www-01.ibm.com/support/docview.wss?uid=swg21626891
• https://exchange.xforce.ibmcloud.com/vulnerabilities/80408
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19432