First published: Tue Feb 03 2004
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
IBM HTTP Server | =1.3.19 | |
HP VirtualVault | =4.5 | |
Avaya Aura Communication Manager | =2.0.1 | |
Apache Http Server | =1.3.23 | |
Apache Http Server | =1.3.27 | |
Apache Http Server | =1.3.1 | |
Apache Http Server | =1.3.25 | |
Apache Http Server | =1.3.28 | |
Apache Http Server | =1.3.19 | |
Apache Http Server | =1.3.24 | |
Apache Http Server | =1.3.20 | |
Apache Http Server | =1.3.7 | |
Apache Http Server | =1.3.6 | |
Apache Http Server | =1.3.4 | |
Avaya Intuity Audix LX | | |
Apache Http Server | =1.3.18 | |
HP VirtualVault | =4.7 | |
Apache Http Server | =1.3 | |
Apache Http Server | =1.3.12 | |
HP VirtualVault | =4.6 | |
Apache Http Server | =1.3.3 | |
Apache Http Server | =1.3.17 | |
Avaya Aura Communication Manager | =2.0 | |
Apache Http Server | =1.3.26 | |
Apache Http Server | =1.3.9 | |
HP Praesidium Webproxy | =a.02.00 | |
Apache mod digest | | |
Apache Http Server | =1.3.14 | |
Apache Http Server | =1.3.29 | |
HP Praesidium Webproxy | =a.02.10 | |
Apache Http Server | =1.3.22 | |
Apache Http Server | =1.3.11 | |
Avaya Aura Communication Manager | =1.1 | |
Avaya Aura Communication Manager | =1.3.1 | |
Avaya Modular Messaging Message Storage Server | =2.0 | |
SunOS | =5.8 | |
Avaya MN100 | | |
Oracle Solaris and Zettabyte File System (ZFS) | =9.0 | |
SCO OpenServer | =5.0.7 | |
Avaya Network Routing | | |
OpenBSD | =3.5 | |
Avaya Modular Messaging Message Storage Server | =1.1 | |
SCO OpenServer | =5.0.6 | |
OpenBSD | =current | |
OpenBSD | =3.4 | |
Oracle Solaris and Zettabyte File System (ZFS) | =8.0 | |
CVE-2004-1082 is considered a moderate severity vulnerability due to the potential for credential replay attacks.
To fix CVE-2004-1082, upgrade to a patched version of mod_digest_apple or Apache where the nonce verification issue is resolved.
CVE-2004-1082 affects Apache versions 1.3.1 to 1.3.32 and specific versions of HP VirtualVault, Avaya Communication Manager, and other applications that use mod_digest_apple.
CVE-2004-1082 can be exploited through replay attacks where an attacker captures and reuses valid credentials.
While a direct workaround for CVE-2004-1082 is not specified, disabling mod_digest may reduce risk until a proper update can be applied.