CVSS 9.8
CVE-2018-1312
- EPSS 9.08%
- Published 26.03.2018 15:29:00
- Last modified 21.11.2024 03:59:36
- Source security@apache.org
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.
Data provided by the National Vulnerability Database (NVD)
Apache ≫ HTTP Server Version 2.4.1
Apache ≫ HTTP Server Version 2.4.2
Apache ≫ HTTP Server Version 2.4.3
Apache ≫ HTTP Server Version 2.4.4
Apache ≫ HTTP Server Version 2.4.6
Apache ≫ HTTP Server Version 2.4.7
Apache ≫ HTTP Server Version 2.4.9
Apache ≫ HTTP Server Version 2.4.10
Apache ≫ HTTP Server Version 2.4.12
Apache ≫ HTTP Server Version 2.4.16
Apache ≫ HTTP Server Version 2.4.17
Apache ≫ HTTP Server Version 2.4.18
Apache ≫ HTTP Server Version 2.4.20
Apache ≫ HTTP Server Version 2.4.23
Apache ≫ HTTP Server Version 2.4.25
Apache ≫ HTTP Server Version 2.4.26
Apache ≫ HTTP Server Version 2.4.27
Apache ≫ HTTP Server Version 2.4.28
Apache ≫ HTTP Server Version 2.4.29
Canonical ≫ Ubuntu Linux Version 12.04 SwEdition -
Canonical ≫ Ubuntu Linux Version 14.04 SwEdition esm
Canonical ≫ Ubuntu Linux Version 16.04 SwEdition esm
Canonical ≫ Ubuntu Linux Version 17.10
Canonical ≫ Ubuntu Linux Version 18.04 SwEdition lts
Debian ≫ Debian Linux Version 7.0
Debian ≫ Debian Linux Version 8.0
Debian ≫ Debian Linux Version 9.0
Netapp ≫ Cloud Backup Version -
Netapp ≫ Storagegrid Version -
Netapp ≫ Clustered Data Ontap Version -
Redhat ≫ Jboss Core Services Version 1.0
Redhat ≫ Enterprise Linux Desktop Version 7.0
Redhat ≫ Enterprise Linux Eus Version 7.6
Redhat ≫ Enterprise Linux Server Version 7.0
Redhat ≫ Enterprise Linux Server Aus Version 7.6
Redhat ≫ Enterprise Linux Server Tus Version 7.6
Redhat ≫ Enterprise Linux Workstation Version 7.0
No CISA KEV or CERT.AT warning was found for this CVE.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 9.08% | 0.923 |

Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |

CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.