CVE-2004-1082
First published: Tue Feb 03 2004(Updated: )
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM HTTP Server | =1.3.19 | |
| HP VirtualVault | =4.5 | |
| Avaya Aura Communication Manager | =2.0.1 | |
| Apache Http Server | =1.3.23 | |
| Apache Http Server | =1.3.27 | |
| Apache Http Server | =1.3.1 | |
| Apache Http Server | =1.3.25 | |
| Apache Http Server | =1.3.28 | |
| Apache Http Server | =1.3.19 | |
| Apache Http Server | =1.3.24 | |
| Apache Http Server | =1.3.20 | |
| Apache Http Server | =1.3.7 | |
| Apache Http Server | =1.3.6 | |
| Apache Http Server | =1.3.4 | |
| Avaya Intuity Audix LX | ||
| Apache Http Server | =1.3.18 | |
| HP VirtualVault | =4.7 | |
| Apache Http Server | =1.3 | |
| Apache Http Server | =1.3.12 | |
| HP VirtualVault | =4.6 | |
| Apache Http Server | =1.3.3 | |
| Apache Http Server | =1.3.17 | |
| Avaya Aura Communication Manager | =2.0 | |
| Apache Http Server | =1.3.26 | |
| Apache Http Server | =1.3.9 | |
| HP Praesidium Webproxy | =a.02.00 | |
| Apache mod digest | ||
| Apache Http Server | =1.3.14 | |
| Apache Http Server | =1.3.29 | |
| HP Praesidium Webproxy | =a.02.10 | |
| Apache Http Server | =1.3.22 | |
| Apache Http Server | =1.3.11 | |
| Avaya Aura Communication Manager | =1.1 | |
| Avaya Aura Communication Manager | =1.3.1 | |
| Avaya Modular Messaging Message Storage Server | =2.0 | |
| SunOS | =5.8 | |
| Avaya MN100 | ||
| Oracle Solaris and Zettabyte File System (ZFS) | =9.0 | |
| SCO OpenServer | =5.0.7 | |
| Avaya Network Routing | ||
| Oracle Solaris and Zettabyte File System (ZFS) | =9.0 | |
| OpenBSD | =3.5 | |
| Avaya Modular Messaging Message Storage Server | =1.1 | |
| SCO OpenServer | =5.0.6 | |
| OpenBSD | =current | |
| OpenBSD | =3.4 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-1082?
CVE-2004-1082 is considered a moderate severity vulnerability due to the potential for credential replay attacks.
How do I fix CVE-2004-1082?
To fix CVE-2004-1082, upgrade to a patched version of mod_digest_apple or Apache where the nonce verification issue is resolved.
Which software versions are affected by CVE-2004-1082?
CVE-2004-1082 affects Apache versions 1.3.1 to 1.3.32 and specific versions of HP VirtualVault, Avaya Communication Manager, and other applications that use mod_digest_apple.
What type of attack can exploit CVE-2004-1082?
CVE-2004-1082 can be exploited through replay attacks where an attacker captures and reuses valid credentials.
Is there a workaround for CVE-2004-1082?
While a direct workaround for CVE-2004-1082 is not specified, disabling mod_digest may reduce risk until a proper update can be applied.
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ibm
- canonical/ibm http server
- version/ibm http server/1.3.19
- vendor/hp
- canonical/hp virtualvault
- version/hp virtualvault/4.5
- vendor/avaya
- canonical/avaya aura communication manager
- version/avaya aura communication manager/2.0.1
- vendor/apache
- canonical/apache http server
- version/apache http server/1.3.23
- version/apache http server/1.3.27
- version/apache http server/1.3.1
- version/apache http server/1.3.25
- version/apache http server/1.3.28
- version/apache http server/1.3.19
- version/apache http server/1.3.24
- version/apache http server/1.3.20
- version/apache http server/1.3.7
- version/apache http server/1.3.6
- version/apache http server/1.3.4
- canonical/avaya intuity audix lx
- version/apache http server/1.3.18
- version/hp virtualvault/4.7
- version/apache http server/1.3
- version/apache http server/1.3.12
- version/hp virtualvault/4.6
- version/apache http server/1.3.3
- version/apache http server/1.3.17
- version/avaya aura communication manager/2.0
- version/apache http server/1.3.26
- version/apache http server/1.3.9
- canonical/hp praesidium webproxy
- version/hp praesidium webproxy/a.02.00
- vendor/apple
- canonical/apache mod digest
- version/apache http server/1.3.14
- version/apache http server/1.3.29
- version/hp praesidium webproxy/a.02.10
- version/apache http server/1.3.22
- version/apache http server/1.3.11
- version/avaya aura communication manager/1.1
- version/avaya aura communication manager/1.3.1
- canonical/avaya modular messaging message storage server
- version/avaya modular messaging message storage server/2.0
- vendor/sun
- canonical/sunos
- version/sunos/5.8
- canonical/avaya mn100
- canonical/oracle solaris and zettabyte file system (zfs)
- version/oracle solaris and zettabyte file system (zfs)/9.0
- vendor/sco
- canonical/sco openserver
- version/sco openserver/5.0.7
- canonical/avaya network routing
- vendor/openbsd
- canonical/openbsd
- version/openbsd/3.5
- version/avaya modular messaging message storage server/1.1
- version/sco openserver/5.0.6
- version/openbsd/current
- version/openbsd/3.4
- version/oracle solaris and zettabyte file system (zfs)/8.0