Vulnerability in Apache Http_server
CVE-2004-1082
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
EPSS: 0.076 (93.8th percentile) — read the EPSS interpretation.
Affected products
- Apache Http_server — versions 1.3, 1.3.1, 1.3.3
- Apple Apache_mod_digest_apple
- Avaya Communication_manager — versions 1.1, 1.3.1, 2.0
- Avaya Intuity_audix_lx
- Avaya Mn100
- Avaya Modular_messaging_message_storage_server — versions 1.1, 2.0
- Avaya Network_routing
- Hp Virtualvault — versions 4.5, 4.6, 4.7
- Hp Webproxy — versions a.02.00, a.02.10
- Ibm Http_server — versions 1.3.19
References
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (vendor-advisory, x_refsource_APPLE, Patch, Vendor Advisory)
- cve@mitre.org (Patch, vdb-entry, x_refsource_SECTRACK, Vendor Advisory)
- cve@mitre.org (Patch, vdb-entry, x_refsource_BID, Vendor Advisory)
- cve@mitre.org (Patch, government-resource, Vendor Advisory, x_refsource_CIAC, third-party-advisory)