In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated from a pseudo-random seed. Because every server in a cluster that shared a common Digest authentication configuration consequently issued nonces that the other servers would also accept, an attacker who captured an authenticated request to one server could replay it against the others without detection.
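What the flaw amounts to, as an added example (not Apache httpd code, and not from this advisory): a toy RFC 2617 Digest server in Python whose nonce is a timestamp plus a keyed hash under a server secret. The nonce layout, the 300-second lifetime, the two-server cluster and the sample credentials are all assumptions made for the illustration; the page gives no code. When each server seeds its secret from the OS random source, an Authorization header captured against server A is rejected by server B because B cannot verify A's nonce. When the servers share the same predictable secret, which is what a common Digest configuration with a broken random seed produces, B accepts the replay. The same-server case shows the caveat a practitioner should keep in mind: a random secret alone does not stop replay against the server that issued the nonce; that needs the nonce-count (nc) to be tracked, as the check() method does here.

```python
"""Toy RFC 2617 Digest-auth server illustrating CVE-2018-1312's mechanism.

Added example, not Apache httpd code. Nonce = 8 hex chars of Unix time
followed by an HMAC-SHA256 tag over realm:timestamp under a per-server
secret (layout and lifetime are assumptions made for the illustration).
"""
import hashlib
import hmac
import os
import time

NONCE_LIFETIME = 300  # seconds a nonce stays valid (assumed value)


def md5hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """Client-side RFC 2617 response for qop=auth."""
    ha1 = md5hex(f"{username}:{realm}:{password}")
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class DigestServer:
    def __init__(self, realm, users, secret=None):
        self.realm = realm
        self.users = users            # username -> password; constructed sample data
        # The crux of the CVE: this secret must be unpredictable and private to
        # one server. Handing every server the same fixed bytes models what a
        # broken pseudo-random seed under a shared configuration produces.
        self.secret = secret if secret is not None else os.urandom(32)
        self.seen = set()             # (nonce, nc) pairs already accepted

    def _tag(self, ts_hex: str) -> str:
        msg = f"{self.realm}:{ts_hex}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()[:32]

    def make_nonce(self, now=None) -> str:
        ts_hex = format(int(time.time() if now is None else now), "08x")
        return ts_hex + self._tag(ts_hex)

    def nonce_valid(self, nonce: str, now=None) -> bool:
        if len(nonce) != 40:
            return False
        ts_hex, tag = nonce[:8], nonce[8:]
        if not hmac.compare_digest(tag, self._tag(ts_hex)):
            return False              # not minted with this server's secret
        age = (time.time() if now is None else now) - int(ts_hex, 16)
        return 0 <= age <= NONCE_LIFETIME

    def check(self, method: str, hdr: dict, now=None) -> bool:
        """Validate a parsed 'Authorization: Digest ...' header."""
        if not self.nonce_valid(hdr["nonce"], now):
            return False
        password = self.users.get(hdr["username"])
        if password is None:
            return False
        expected = digest_response(hdr["username"], self.realm, password, method,
                                   hdr["uri"], hdr["nonce"], hdr["nc"], hdr["cnonce"])
        if not hmac.compare_digest(expected, hdr["response"]):
            return False
        key = (hdr["nonce"], hdr["nc"])
        if key in self.seen:
            return False              # identical nonce/nc replayed to this server
        self.seen.add(key)
        return True


def replay_across_cluster(shared_secret=None, now=1_700_000_000):
    """Client authenticates to server A; attacker replays the header to B.

    Returns (accepted_by_A, replay_accepted_by_B). shared_secret=None gives
    each server its own random secret; fixed bytes model the flawed seeding.
    """
    users = {"alice": "correct horse"}                    # constructed sample
    a = DigestServer("cluster", users, shared_secret)
    b = DigestServer("cluster", users, shared_secret)
    nonce = a.make_nonce(now)
    hdr = {"username": "alice", "uri": "/admin", "nonce": nonce,
           "nc": "00000001", "cnonce": "0a4f113b"}
    hdr["response"] = digest_response("alice", "cluster", "correct horse", "GET",
                                      "/admin", nonce, "00000001", "0a4f113b")
    ok_a = a.check("GET", hdr, now)
    ok_b = b.check("GET", dict(hdr), now + 5)             # captured header replayed to B
    return ok_a, ok_b


if __name__ == "__main__":
    print("per-server random secret:", replay_across_cluster(None))          # (True, False)
    print("shared predictable secret:", replay_across_cluster(b"\x00" * 32))  # (True, True)
```

Running the module prints the two cluster outcomes. Note that the per-server secret also means a real load-balanced Digest deployment without session affinity would reject nonces minted by a sibling node, so the fix trades cross-server nonce portability for replay resistance; the remaining MD5-based response computation is a weakness of the Digest scheme itself and is not touched here.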
History
07 Nov 2023, 02:55
Type | Values Removed | Values Added |
---|---|---|
References | | |
07 Sep 2022, 17:45
Type | Values Removed | Values Added |
---|---|---|
First Time | | Red Hat Enterprise Linux Workstation, Red Hat Enterprise Linux EUS, Red Hat Enterprise Linux Server TUS, NetApp Cloud Backup, Red Hat Enterprise Linux Server, Red Hat JBoss Core Services, Red Hat Enterprise Linux Server AUS, Red Hat Enterprise Linux Desktop |
CPE | cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*, cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*, cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*, cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*, cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*, cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*, cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*, cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:* | cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*, cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*, cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*, cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*, cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*, cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*, cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*, cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*, cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*, cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*, cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*, cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*, cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*, cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*, cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*, cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*, cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*, cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*, cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*, cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*, cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*, cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*, cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*, cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*, cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*, cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*, cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*, cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:* |
References | (MLIST) https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:1898 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id/1040571 - Broken Link, Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://www.tenable.com/security/tns-2019-09 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
06 Jun 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
03 Jun 2021, 08:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
30 Mar 2021, 12:16
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2018-03-26 15:29
Updated : 2023-12-10 12:30
NVD link : CVE-2018-1312
Mitre link : CVE-2018-1312
CVE.ORG link : CVE-2018-1312
Products Affected
debian
- debian_linux
redhat
- enterprise_linux
- jboss_core_services
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_desktop
- enterprise_linux_eus
netapp
- cloud_backup
- storagegrid
- clustered_data_ontap
apache
- http_server
canonical
- ubuntu_linux
CWE
CWE-287
Improper Authentication