Search for vulnerabilities
Vulnerability details: VCID-3mpp-yjss-aaad
Vulnerability ID VCID-3mpp-yjss-aaad
Aliases CVE-2012-5886
GHSA-9xrj-439h-62hg
Summary The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-287 Improper Authentication
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0623.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0629.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0631.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0632.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0640.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0647.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0648.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0726.html
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0265
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0266
rhas Important https://access.redhat.com/errata/RHSA-2013:0623
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0629
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0631
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0632
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0633
rhas Important https://access.redhat.com/errata/RHSA-2013:0640
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0647
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0648
rhas Important https://access.redhat.com/errata/RHSA-2013:0665
rhas Important https://access.redhat.com/errata/RHSA-2013:0726
rhas Important https://access.redhat.com/errata/RHSA-2013:1006
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.00558 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.00558 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.00558 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.01018 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.01018 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
epss 0.01387 https://api.first.org/data/v1/epss?cve=CVE-2012-5886
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=873664
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/80407
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-9xrj-439h-62hg
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2012-5886
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1377807
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1380829
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1392248
cvssv3.1 4.2 http://tomcat.apache.org/security-5.html
generic_textual MODERATE http://tomcat.apache.org/security-5.html
cvssv3.1 9.8 http://tomcat.apache.org/security-6.html
generic_textual CRITICAL http://tomcat.apache.org/security-6.html
cvssv3.1 9.8 http://tomcat.apache.org/security-7.html
generic_textual CRITICAL http://tomcat.apache.org/security-7.html
generic_textual MODERATE http://www-01.ibm.com/support/docview.wss?uid=swg21626891
generic_textual MODERATE http://www.ubuntu.com/usn/USN-1637-1
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
http://rhn.redhat.com/errata/RHSA-2013-0623.html
http://rhn.redhat.com/errata/RHSA-2013-0629.html
http://rhn.redhat.com/errata/RHSA-2013-0631.html
http://rhn.redhat.com/errata/RHSA-2013-0632.html
http://rhn.redhat.com/errata/RHSA-2013-0633.html
http://rhn.redhat.com/errata/RHSA-2013-0640.html
http://rhn.redhat.com/errata/RHSA-2013-0647.html
http://rhn.redhat.com/errata/RHSA-2013-0648.html
http://rhn.redhat.com/errata/RHSA-2013-0726.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5886.json
https://api.first.org/data/v1/epss?cve=CVE-2012-5886
http://secunia.com/advisories/51371
https://exchange.xforce.ibmcloud.com/vulnerabilities/80407
http://svn.apache.org/viewvc?view=revision&revision=1377807
http://svn.apache.org/viewvc?view=revision&revision=1380829
http://svn.apache.org/viewvc?view=revision&revision=1392248
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www-01.ibm.com/support/docview.wss?uid=swg21626891
http://www.securityfocus.com/bid/56403
http://www.ubuntu.com/usn/USN-1637-1
692439 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692439
873664 https://bugzilla.redhat.com/show_bug.cgi?id=873664
cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.34:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
CVE-2012-5886 https://nvd.nist.gov/vuln/detail/CVE-2012-5886
GHSA-9xrj-439h-62hg https://github.com/advisories/GHSA-9xrj-439h-62hg
GLSA-201412-29 https://security.gentoo.org/glsa/201412-29
RHSA-2013:0265 https://access.redhat.com/errata/RHSA-2013:0265
RHSA-2013:0266 https://access.redhat.com/errata/RHSA-2013:0266
RHSA-2013:0623 https://access.redhat.com/errata/RHSA-2013:0623
RHSA-2013:0629 https://access.redhat.com/errata/RHSA-2013:0629
RHSA-2013:0631 https://access.redhat.com/errata/RHSA-2013:0631
RHSA-2013:0632 https://access.redhat.com/errata/RHSA-2013:0632
RHSA-2013:0633 https://access.redhat.com/errata/RHSA-2013:0633
RHSA-2013:0640 https://access.redhat.com/errata/RHSA-2013:0640
RHSA-2013:0647 https://access.redhat.com/errata/RHSA-2013:0647
RHSA-2013:0648 https://access.redhat.com/errata/RHSA-2013:0648
RHSA-2013:0665 https://access.redhat.com/errata/RHSA-2013:0665
RHSA-2013:0726 https://access.redhat.com/errata/RHSA-2013:0726
RHSA-2013:1006 https://access.redhat.com/errata/RHSA-2013:1006
USN-1637-1 https://usn.ubuntu.com/1637-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2012-5886
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at http://tomcat.apache.org/security-5.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-6.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-7.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.72022
EPSS Score 0.00342
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.