VDB

RHSA-2012%3A0041

RHSA-2012%3A0041 PUBLISHED CVSS 4.300000190734863 MEDIUM

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.

Risk Scores

CVSS 2.0
4.300000190734863

Affected Products

VendorProductVersions
Red HatRed Hat JBoss Enterprise Application Platform 4.3

Timeline

  • Jan 19, 2012 CVE Published
  • Jan 28, 2026 CVE Updated
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory

References

…and 5 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›