Lucene search

K
httpdApache Team FoundationHTTPD:EA65344DAE2D5CDBD3227D99A03949E9
HistoryDec 18, 2003 - 12:00 a.m.

Apache Httpd < 1.3.31 : mod_digest nonce checking

2003-12-1800:00:00
Apache Team Foundation
httpd.apache.org
27

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.004

Percentile

72.9%

mod_digest does not properly verify the nonce of a client response by using a AuthNonce secret. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using Digest protection. Note that mod_digest implements an older version of the MD5 Digest Authentication specification which is known not to work with modern browsers. This issue does not affect mod_auth_digest.

Affected configurations

Vulners
Node
apacheapache_httpdMatch1.3.29
OR
apacheapache_httpdMatch1.3.28
OR
apacheapache_httpdMatch1.3.27
OR
apacheapache_httpdMatch1.3.26
OR
apacheapache_httpdMatch1.3.24
OR
apacheapache_httpdMatch1.3.22
OR
apacheapache_httpdMatch1.3.20
OR
apacheapache_httpdMatch1.3.19
OR
apacheapache_httpdMatch1.3.17
OR
apacheapache_httpdMatch1.3.14
OR
apacheapache_httpdMatch1.3.12
OR
apacheapache_httpdMatch1.3.11
OR
apacheapache_httpdMatch1.3.9
OR
apacheapache_httpdMatch1.3.6
OR
apacheapache_httpdMatch1.3.4
OR
apacheapache_httpdMatch1.3.3
OR
apacheapache_httpdMatch1.3.2
OR
apacheapache_httpdMatch1.3.1
OR
apacheapache_httpdMatch1.3.0
VendorProductVersionCPE
apacheapache_httpd1.3.29cpe:2.3:a:apache:apache_httpd:1.3.29:*:*:*:*:*:*:*
apacheapache_httpd1.3.28cpe:2.3:a:apache:apache_httpd:1.3.28:*:*:*:*:*:*:*
apacheapache_httpd1.3.27cpe:2.3:a:apache:apache_httpd:1.3.27:*:*:*:*:*:*:*
apacheapache_httpd1.3.26cpe:2.3:a:apache:apache_httpd:1.3.26:*:*:*:*:*:*:*
apacheapache_httpd1.3.24cpe:2.3:a:apache:apache_httpd:1.3.24:*:*:*:*:*:*:*
apacheapache_httpd1.3.22cpe:2.3:a:apache:apache_httpd:1.3.22:*:*:*:*:*:*:*
apacheapache_httpd1.3.20cpe:2.3:a:apache:apache_httpd:1.3.20:*:*:*:*:*:*:*
apacheapache_httpd1.3.19cpe:2.3:a:apache:apache_httpd:1.3.19:*:*:*:*:*:*:*
apacheapache_httpd1.3.17cpe:2.3:a:apache:apache_httpd:1.3.17:*:*:*:*:*:*:*
apacheapache_httpd1.3.14cpe:2.3:a:apache:apache_httpd:1.3.14:*:*:*:*:*:*:*
Rows per page:
1-10 of 191

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.004

Percentile

72.9%

Related for HTTPD:EA65344DAE2D5CDBD3227D99A03949E9