Home

CVE-2018-1312

Description

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
6.949

Associated Vulnerability

VulnerabilityOS Platform
Update Apache to version 2.4.33Windows
Multiple vulnerabilities are fixed in Apache 2.4.33Windows
SUSE-SU-2018:1079-1(SUSE Linux Enterprise Server 11-SP4 ) apache2-2.2.34-70.15.1.x86_64.rpmLinux
SUSE-SU-2018:1079-1(SUSE Linux Enterprise Server 11-SP4 ) apache2-doc-2.2.34-70.15.1.x86_64.rpmLinux
SUSE-SU-2018:1079-1(SUSE Linux Enterprise Server 11-SP4 ) apache2-example-pages-2.2.34-70.15.1.x86_64.rpmLinux
SUSE-SU-2018:1079-1(SUSE Linux Enterprise Server 11-SP4 ) apache2-prefork-2.2.34-70.15.1.x86_64.rpmLinux
SUSE-SU-2018:1079-1(SUSE Linux Enterprise Server 11-SP4 ) apache2-utils-2.2.34-70.15.1.x86_64.rpmLinux
SUSE-SU-2018:1079-1(SUSE Linux Enterprise Server 11-SP4 ) apache2-worker-2.2.34-70.15.1.x86_64.rpmLinux
Httpd update (ELSA-2019-1898) httpd-2.4.6-89.0.1.el7_6.1.x86_64.rpmLinux
Httpd-devel update (ELSA-2019-1898) httpd-devel-2.4.6-89.0.1.el7_6.1.x86_64.rpmLinux
Httpd-tools update (ELSA-2019-1898) httpd-tools-2.4.6-89.0.1.el7_6.1.x86_64.rpmLinux
Mod_ldap update (ELSA-2019-1898) mod_ldap-2.4.6-89.0.1.el7_6.1.x86_64.rpmLinux
Mod_proxy_html update (ELSA-2019-1898) mod_proxy_html-2.4.6-89.0.1.el7_6.1.x86_64.rpmLinux
Mod_session update (ELSA-2019-1898) mod_session-2.4.6-89.0.1.el7_6.1.x86_64.rpmLinux
Mod_ssl update (ELSA-2019-1898) mod_ssl-2.4.6-89.0.1.el7_6.1.x86_64.rpmLinux
Httpd-manual update (ELSA-2019-1898) httpd-manual-2.4.6-89.0.1.el7_6.1.noarch.rpmLinux
Update Apache to version 2.4.33 (For Linux)Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234