Lucene search

CVE-2018-1312

🗓️ 26 Mar 2018 15:00:29Reported by [email protected]Type

When generating HTTP Digest authentication challenge, Apache httpd 2.2.0 to 2.4.29 did not use correct pseudo-random seed for nonce, allowing replay attacks in server cluster

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 115
RedHat Linux	(RHSA-2019:1898) Low: httpd security update	29 Jul 201912:50	–	redhat
RedHat Linux	(RHSA-2019:0367) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update	18 Feb 201916:47	–	redhat
RedHat Linux	(RHSA-2019:0366) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1 security update	18 Feb 201916:45	–	redhat
RedHat Linux	(RHSA-2018:3558) Moderate: httpd24 security, bug fix, and enhancement update	13 Nov 201808:00	–	redhat
RedhatCVE	CVE-2018-1312	10 Oct 201915:19	–	redhatcve
Tenable Nessus	CentOS 7 : httpd (CESA-2019:1898)	12 Aug 201900:00	–	nessus
Tenable Nessus	NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Vulnerability (NS-SA-2019-0182)	15 Oct 201900:00	–	nessus
Tenable Nessus	RHEL 7 : httpd (RHSA-2019:1898)	12 Aug 201900:00	–	nessus
Tenable Nessus	NewStart CGSL CORE 5.05 / MAIN 5.05 : httpd Vulnerability (NS-SA-2019-0172)	11 Sep 201900:00	–	nessus
Tenable Nessus	Scientific Linux Security Update : httpd on SL7.x x86_64 (20190729)	12 Aug 201900:00	–	nessus

Nvd

Node

apache http_serverMatch2.4.1

apache http_serverMatch2.4.2

apache http_serverMatch2.4.3

apache http_serverMatch2.4.4

apache http_serverMatch2.4.6

apache http_serverMatch2.4.7

apache http_serverMatch2.4.9

apache http_serverMatch2.4.10

apache http_serverMatch2.4.12

apache http_serverMatch2.4.16

apache http_serverMatch2.4.17

apache http_serverMatch2.4.18

apache http_serverMatch2.4.20

apache http_serverMatch2.4.23

apache http_serverMatch2.4.25

apache http_serverMatch2.4.26

apache http_serverMatch2.4.27

apache http_serverMatch2.4.28

apache http_serverMatch2.4.29

Node

canonical ubuntu_linuxMatch12.04-

canonical ubuntu_linuxMatch14.04esm

canonical ubuntu_linuxMatch16.04esm

canonical ubuntu_linuxMatch17.10

canonical ubuntu_linuxMatch18.04lts

Node

debian debian_linuxMatch7.0

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

Node

netapp cloud_backupMatch-

netapp storagegridMatch-

netapp clustered_data_ontapMatch-

Node

redhat jboss_core_servicesMatch1.0

AND

redhat enterprise_linuxMatch6.0

redhat enterprise_linuxMatch7.0

Node

redhat enterprise_linux_desktopMatch7.0

redhat enterprise_linux_eusMatch7.6

redhat enterprise_linux_serverMatch7.0

redhat enterprise_linux_server_ausMatch7.6

redhat enterprise_linux_server_tusMatch7.6

redhat enterprise_linux_workstationMatch7.0

Source	Link
lists	www.lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
lists	www.lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
lists	www.lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E
securitytracker	www.securitytracker.com/id/1040571
lists	www.lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E
access	www.access.redhat.com/errata/RHSA-2019:1898
support	www.support.hpe.com/hpsc/doc/public/display
access	www.access.redhat.com/errata/RHSA-2018:3558
lists	www.lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
lists	www.lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 Mar 2018 15:29Current

9.4High risk

Vulners AI Score9.4

CVSS26.8

CVSS39.8

EPSS0.05503

CWE-287