Test ID:	1.3.6.1.4.1.25623.1.0.802678
Category:	Web Servers
Title:	Apache Tomcat Multiple Security Bypass Vulnerabilities - Windows
Summary:	Apache Tomcat Server is prone to multiple security bypass vulnerabilities.
Description:	Summary: Apache Tomcat Server is prone to multiple security bypass vulnerabilities. Vulnerability Insight: The flaws are due to error in HTTP digest access authentication implementation, which does not properly validate for, - stale nonce values in conjunction with enforcement of proper credentials - caches information about the authenticated user within the session state - cnonce values instead of nonce and nc values. Vulnerability Impact: Successful exploitation could allow remote attackers to bypass intended access restrictions by sniffing the network for valid requests. Affected Software/OS: Apache Tomcat version 5.5.x to 5.5.35, 6.x to 6.0.35 and 7.x to 7.0.29. Solution: Apply patch or upgrade Apache Tomcat to 5.5.36, 6.0.36, 7.0.30 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5887 BugTraq ID: 56403 http://www.securityfocus.com/bid/56403 RedHat Security Advisories: RHSA-2013:0623 http://rhn.redhat.com/errata/RHSA-2013-0623.html RedHat Security Advisories: RHSA-2013:0629 http://rhn.redhat.com/errata/RHSA-2013-0629.html RedHat Security Advisories: RHSA-2013:0631 http://rhn.redhat.com/errata/RHSA-2013-0631.html RedHat Security Advisories: RHSA-2013:0632 http://rhn.redhat.com/errata/RHSA-2013-0632.html RedHat Security Advisories: RHSA-2013:0633 http://rhn.redhat.com/errata/RHSA-2013-0633.html RedHat Security Advisories: RHSA-2013:0640 http://rhn.redhat.com/errata/RHSA-2013-0640.html RedHat Security Advisories: RHSA-2013:0647 http://rhn.redhat.com/errata/RHSA-2013-0647.html RedHat Security Advisories: RHSA-2013:0648 http://rhn.redhat.com/errata/RHSA-2013-0648.html RedHat Security Advisories: RHSA-2013:0726 http://rhn.redhat.com/errata/RHSA-2013-0726.html http://secunia.com/advisories/51371 SuSE Security Announcement: openSUSE-SU-2012:1700 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html SuSE Security Announcement: openSUSE-SU-2012:1701 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html SuSE Security Announcement: openSUSE-SU-2013:0147 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html http://www.ubuntu.com/usn/USN-1637-1 XForce ISS Database: tomcat-digest-security-bypass(79809) https://exchange.xforce.ibmcloud.com/vulnerabilities/79809 Common Vulnerability Exposure (CVE) ID: CVE-2012-5886 XForce ISS Database: tomcat-http-Digest-security-bypass(80407) https://exchange.xforce.ibmcloud.com/vulnerabilities/80407 Common Vulnerability Exposure (CVE) ID: CVE-2012-5885 HPdes Security Advisory: HPSBUX02860 http://marc.info/?l=bugtraq&m=136485229118404&w=2 HPdes Security Advisory: HPSBUX02866 http://marc.info/?l=bugtraq&m=136612293908376&w=2 HPdes Security Advisory: SSRT101139 HPdes Security Advisory: SSRT101146 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19432 XForce ISS Database: tomcat-replay-security-bypass(80408) https://exchange.xforce.ibmcloud.com/vulnerabilities/80408
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.