Vulnerability CVE-2004-1082


Published: 2004-02-03   Modified: 2008-09-05

Description:
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

Vendor: Openbsd
Product: Openbsd 
Version:
current
3.5
3.4
Vendor: HP
Product: Webproxy 
Version: a.02.10; a.02.00;
Product: Virtualvault 
Version:
4.7
4.6
4.5
Vendor: SUN
Product: Solaris 
Version: 9.0; 8.0;
Vendor: SCO
Product: Openserver 
Version: 5.0.7; 5.0.6;
Vendor: Avaya
Product: Communication manager 
Version:
2.0.1
2.0
1.3.1
1.1
Product: Modular messaging message storage server 
Version: 2.0; 1.1;
Product: Intuity audix lx 
Product: Mn100 
Product: Network routing 
Vendor: Apache
Product: Http server 
Version:
1.3.9
1.3.7
1.3.6
1.3.4
1.3.3
1.3.29
1.3.28
1.3.27
1.3.26
1.3.25
1.3.24
1.3.23
1.3.22
1.3.20
1.3.19
1.3.18
1.3.17
1.3.14
1.3.12
1.3.11
1.3.1
1.3
Vendor: IBM
Product: Http server 
Version: 1.3.19;
Vendor: Apple
Product: Apache mod digest apple 

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://xforce.iss.net/xforce/xfdb/18347
http://www.securitytracker.com/alerts/2004/Dec/1012414.html
http://www.securityfocus.com/bid/9571
http://www.ciac.org/ciac/bulletins/p-049.shtml
http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html

Related CVE
CVE-2010-1821
Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges.
CVE-2010-1816
Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image.
CVE-2017-2387
The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2017-6975
Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadc...
CVE-2017-5949
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaSc...
CVE-2016-10226
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorS...
CVE-2016-10222
runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers ...
CVE-2017-6974
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows attackers to modify the contents of a protected disk l...

Copyright 2017, cxsecurity.com