CVE-2004-1082

mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*
cpe:2.3:a:apple:apache_mod_digest_apple:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:communication_manager:1.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:communication_manager:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:communication_manager:2.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:communication_manager:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:intuity_audix_lx:*:*:*:*:*:*:*:*
cpe:2.3:a:hp:virtualvault:4.5:*:*:*:*:*:*:*
cpe:2.3:a:hp:virtualvault:4.6:*:*:*:*:*:*:*
cpe:2.3:a:hp:virtualvault:4.7:*:*:*:*:*:*:*
cpe:2.3:a:hp:webproxy:a.02.00:*:*:*:*:*:*:*
cpe:2.3:a:hp:webproxy:a.02.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:http_server:1.3.19:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:avaya:mn100:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:network_routing:*:*:*:*:*:*:*:*
cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*
cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:current:*:*:*:*:*:*:*
cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*
cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*

History

No history.

Information

Published : 2004-02-03 05:00

Updated : 2024-02-04 16:31


NVD link : CVE-2004-1082

Mitre link : CVE-2004-1082

CVE.ORG link : CVE-2004-1082


JSON object : View

Products Affected

apple

  • apache_mod_digest_apple

avaya

  • communication_manager
  • intuity_audix_lx
  • mn100
  • network_routing
  • modular_messaging_message_storage_server

sun

  • sunos
  • solaris

hp

  • webproxy
  • virtualvault

ibm

  • http_server

openbsd

  • openbsd

apache

  • http_server

sco

  • openserver