CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

Percentile: 72.9%

mod_digest does not properly verify the nonce in a client response against an AuthNonce secret. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using Digest protection. Note that mod_digest implements an older version of the MD5 Digest Authentication specification, which is known not to work with modern browsers. This issue does not affect mod_auth_digest.

Vendor | Product | Version | CPE |
---|---|---|---|
apache | apache_httpd | 1.3.29 | cpe:2.3:a:apache:apache_httpd:1.3.29:*:*:*:*:*:*:* |
apache | apache_httpd | 1.3.28 | cpe:2.3:a:apache:apache_httpd:1.3.28:*:*:*:*:*:*:* |
apache | apache_httpd | 1.3.27 | cpe:2.3:a:apache:apache_httpd:1.3.27:*:*:*:*:*:*:* |
apache | apache_httpd | 1.3.26 | cpe:2.3:a:apache:apache_httpd:1.3.26:*:*:*:*:*:*:* |
apache | apache_httpd | 1.3.24 | cpe:2.3:a:apache:apache_httpd:1.3.24:*:*:*:*:*:*:* |
apache | apache_httpd | 1.3.22 | cpe:2.3:a:apache:apache_httpd:1.3.22:*:*:*:*:*:*:* |
apache | apache_httpd | 1.3.20 | cpe:2.3:a:apache:apache_httpd:1.3.20:*:*:*:*:*:*:* |
apache | apache_httpd | 1.3.19 | cpe:2.3:a:apache:apache_httpd:1.3.19:*:*:*:*:*:*:* |
apache | apache_httpd | 1.3.17 | cpe:2.3:a:apache:apache_httpd:1.3.17:*:*:*:*:*:*:* |
apache | apache_httpd | 1.3.14 | cpe:2.3:a:apache:apache_httpd:1.3.14:*:*:*:*:*:*:* |
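
The description above comes down to whether the server can tell that a nonce in a client response is one it issued recently. The following is an added illustration, not Apache's code: it contrasts a verifier that trusts any client-supplied nonce with one that binds the nonce to a server secret and a lifetime. `SECRET`, `MAX_AGE`, all function names and the RFC 2069 style response calculation are assumptions made for the example.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-server-secret"  # assumption: random per-server secret
MAX_AGE = 300                           # assumption: nonce lifetime, seconds

def _mac(ts: str) -> bytes:
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest().encode()

def make_nonce(now=None) -> str:
    """Issue a nonce the server can later recognise without storing it."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}:{_mac(ts).decode()}"

def nonce_is_valid(nonce: str, now=None) -> bool:
    """Accept only nonces minted with SECRET and still inside MAX_AGE."""
    now = time.time() if now is None else now
    ts, sep, mac = nonce.partition(":")
    if not sep or not (ts.isascii() and ts.isdigit()):
        return False
    if not hmac.compare_digest(mac.encode(), _mac(ts)):
        return False
    return 0 <= now - int(ts) <= MAX_AGE

def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce) -> str:
    """RFC 2069 style response: MD5(HA1:nonce:HA2)."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")

def check_weak(password, req) -> bool:
    """Digest arithmetic only: whatever nonce the client sends is trusted."""
    want = digest_response(req["user"], req["realm"], password,
                           req["method"], req["uri"], req["nonce"])
    return hmac.compare_digest(want.encode(), req["response"].encode())

def check_hardened(password, req, now=None) -> bool:
    """Same arithmetic, but the nonce must be ours and still fresh."""
    return nonce_is_valid(req["nonce"], now) and check_weak(password, req)
```

A captured request keeps passing `check_weak` indefinitely, while `check_hardened` rejects it once the nonce is older than `MAX_AGE` or was not minted with `SECRET`. A replay inside the lifetime window still succeeds unless the server also tracks nonce use.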