Podatność CVE-2004-1082


Publikacja: 2004-02-03   Modyfikacja: 2012-02-12

Opis:
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

Typ:

CWE-Other

Producent: Openbsd
Produkt: Openbsd 
Wersje:
current
3.5
3.4
Producent: HP
Produkt: Webproxy 
Wersje: a.02.10; a.02.00;
Produkt: Virtualvault 
Wersje:
4.7
4.6
4.5
Producent: SUN
Produkt: Solaris 
Wersje: 9.0; 8.0;
Produkt: Sunos 
Wersje: 5.8;
Producent: SCO
Produkt: Openserver 
Wersje: 5.0.7; 5.0.6;
Producent: Avaya
Produkt: Communication manager 
Wersje:
2.0.1
2.0
1.3.1
1.1
Produkt: Modular messaging message storage server 
Wersje: 2.0; 1.1;
Produkt: Intuity audix lx 
Produkt: Network routing 
Produkt: Mn100 
Producent: Apache
Produkt: Http server 
Wersje:
1.3.9
1.3.7
1.3.6
1.3.4
1.3.3
1.3.29
1.3.28
1.3.27
1.3.26
1.3.25
1.3.24
1.3.23
1.3.22
1.3.20
1.3.19
1.3.18
1.3.17
1.3.14
1.3.12
1.3.11
1.3.1
1.3
Producent: IBM
Produkt: Http server 
Wersje: 1.3.19;
Producent: Apple
Produkt: Apache mod digest apple 

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
7.5/10
6.4/10
10/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Niska
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Częściowy
Częściowy
Częściowy

 Referencje:
http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html
http://www.ciac.org/ciac/bulletins/p-049.shtml
http://www.securityfocus.com/bid/9571
http://www.securitytracker.com/alerts/2004/Dec/1012414.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18347

Podobne CVE
CVE-2018-4470
A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6.
CVE-2018-4465
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
CVE-2018-4464
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
CVE-2018-4463
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.
CVE-2018-4462
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2.
CVE-2018-4461
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
CVE-2018-4460
A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
CVE-2018-4456
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14.

Copyright 2019, cxsecurity.com

 

Back to Top