Vulnerability CVE-2004-1082


Published: 2004-02-03   Modified: 2008-09-05

Description:
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

Vendor: Openbsd
Product: Openbsd 
Version:
current
3.5
3.4
Vendor: HP
Product: Webproxy 
Version: a.02.10; a.02.00;
Product: Virtualvault 
Version:
4.7
4.6
4.5
Vendor: SUN
Product: Solaris 
Version: 9.0; 8.0;
Vendor: SCO
Product: Openserver 
Version: 5.0.7; 5.0.6;
Vendor: Avaya
Product: Communication manager 
Version:
2.0.1
2.0
1.3.1
1.1
Product: Modular messaging message storage server 
Version: 2.0; 1.1;
Product: Intuity audix lx 
Product: Mn100 
Product: Network routing 
Vendor: Apache
Product: Http server 
Version:
1.3.9
1.3.7
1.3.6
1.3.4
1.3.3
1.3.29
1.3.28
1.3.27
1.3.26
1.3.25
1.3.24
1.3.23
1.3.22
1.3.20
1.3.19
1.3.18
1.3.17
1.3.14
1.3.12
1.3.11
1.3.1
1.3
Vendor: IBM
Product: Http server 
Version: 1.3.19;
Vendor: Apple
Product: Apache mod digest apple 

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://xforce.iss.net/xforce/xfdb/18347
http://www.securitytracker.com/alerts/2004/Dec/1012414.html
http://www.securityfocus.com/bid/9571
http://www.ciac.org/ciac/bulletins/p-049.shtml
http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html

Related CVE
CVE-2017-7149
An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "StorageKit" component. It allows attackers to discover passwords for APFS encrypted volumes by reading Disk Utility hints, ...
CVE-2017-7150
An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a sy...
CVE-2017-7145
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Time" component. The "Setting Time Zone" feature mishandles the possibility of using location data.
CVE-2017-7148
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Location Framework" component. It allows attackers to obtain sensitive location information via a crafted app that reads the location variable.
CVE-2017-7146
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling.
CVE-2017-7147
An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in ...
CVE-2017-7142
An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive info...
CVE-2017-7144
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Private Browsing users by leveraging cookie mishandling.

Copyright 2017, cxsecurity.com

 

Back to Top