Vulnerability CVE-2004-1082


Published: 2004-02-03   Modified: 2012-02-12

Description:
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

Type:

CWE-Other

Vendor: Openbsd
Product: Openbsd
Versions:
current
3.5
3.4
Vendor: HP
Product: Webproxy
Versions: a.02.10; a.02.00;
Product: Virtualvault
Versions:
4.7
4.6
4.5
Vendor: SUN
Product: Solaris
Versions: 9.0; 8.0;
Product: Sunos
Versions: 5.8;
Vendor: SCO
Product: Openserver
Versions: 5.0.7; 5.0.6;
Vendor: Avaya
Product: Communication manager
Versions:
2.0.1
2.0
1.3.1
1.1
Product: Modular messaging message storage server
Versions: 2.0; 1.1;
Product: Intuity audix lx
Product: Network routing
Product: Mn100
Vendor: Apache
Product: Http server
Versions:
1.3.9
1.3.7
1.3.6
1.3.4
1.3.3
1.3.29
1.3.28
1.3.27
1.3.26
1.3.25
1.3.24
1.3.23
1.3.22
1.3.20
1.3.19
1.3.18
1.3.17
1.3.14
1.3.12
1.3.11
1.3.1
1.3
Vendor: IBM
Product: Http server
Versions: 1.3.19;
Vendor: Apple
Product: Apache mod digest apple

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Overall CVSS score: 7.5/10
Impact: 6.4/10
Exploitability: 10/10
Access required: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html
http://www.ciac.org/ciac/bulletins/p-049.shtml
http://www.securityfocus.com/bid/9571
http://www.securitytracker.com/alerts/2004/Dec/1012414.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18347

Similar CVEs
CVE-2019-9518
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONT...
CVE-2019-9517
Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so...
CVE-2019-9516
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater h...
CVE-2019-9515
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS f...
CVE-2019-9514
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the p...
CVE-2019-9513
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the...
CVE-2019-9512
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this d...
CVE-2019-9511
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. T...

Copyright 2019, cxsecurity.com

 
