Apache HTTP server - (bulletinapr2018)ID: oval:org.secpod.oval:def:2102043 | Date: (C)2019-11-24 (M)2024-01-29 |
Class: PATCH | Family: unix |
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.
Product: |
web/server/apache-24 |
web/server/apache-24/module/apache-ssl |
web/server/apache-24/module/apache-ssl-fips-140 |
web/server/apache-24/module/apache-lua |
web/server/apache-24/module/apache-ldap |
web/server/apache-24/module/apache-dbd |