In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.

Vulnerable Product |
---|
apache http server 2.4.1 |
apache http server 2.4.20 |
apache http server 2.4.6 |
apache http server 2.4.12 |
apache http server 2.4.3 |
apache http server 2.4.23 |
apache http server 2.4.4 |
apache http server 2.4.10 |
apache http server 2.4.7 |
apache http server 2.4.25 |
apache http server 2.4.26 |
apache http server 2.4.18 |
apache http server 2.4.2 |
apache http server 2.4.17 |
apache http server 2.4.16 |
apache http server 2.4.9 |
apache http server 2.4.27 |
apache http server 2.4.29 |
apache http server 2.4.28 |
canonical ubuntu linux 17.10 |
canonical ubuntu linux 18.04 |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 16.04 |
canonical ubuntu linux 12.04 |
debian debian linux 8.0 |
debian debian linux 7.0 |
debian debian linux 9.0 |
netapp cloud backup - |
netapp storagegrid - |
netapp clustered data ontap - |
redhat jboss_core_services 1.0 |
redhat enterprise linux desktop 7.0 |
redhat enterprise linux workstation 7.0 |
redhat enterprise linux server 7.0 |
redhat enterprise linux server tus 7.6 |
redhat enterprise linux server aus 7.6 |
redhat enterprise linux eus 7.6 |