Lucene search

[email protected]CVE-2003-0987

HistoryMar 03, 2004 - 5:00 a.m.

CVE-2003-0987

2004-03-0305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-0987

mod_digest

apache

authnonce

security vulnerability

nonce verification

6.2 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.7%

JSON

mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.

CPENameOperatorVersion
apache:http_serverapache http serverle1.3.30

CPE	Name	Operator	Version
apache:http_server	apache http server	le	1.3.30

References

marc.info/?l=bugtraq&m=108437852004207&w=2

security.gentoo.org/glsa/glsa-200405-22.xml

securitytracker.com/id?1008920

sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1

sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1

sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1

www.mail-archive.com/dev%40httpd.apache.org/msg19007.html

www.mail-archive.com/dev%40httpd.apache.org/msg19014.html

www.mandriva.com/security/advisories?name=MDKSA-2004:046

www.redhat.com/support/errata/RHSA-2004-600.html

www.redhat.com/support/errata/RHSA-2005-816.html

www.securityfocus.com/bid/9571

www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643

www.trustix.org/errata/2004/0027

exchange.xforce.ibmcloud.com/vulnerabilities/15041

lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100108

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4416

6.2 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.7%

JSON

Related for CVE-2003-0987

f52 ubuntucve1 httpd1 cvelist1 nessus10 redhat1 openvas4 slackware1 gentoo1 suse2