Apache · Apache Httpd · CVE-2018-1312
**Name of the Vulnerable Software and Affected Versions**
Apache httpd versions 2.2.0 through 2.4.29
**Description**
The issue affects the generation of HTTP Digest authentication challenges: the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, this could allow an attacker to replay HTTP requests across servers without detection. The estimated number of potentially affected devices is not specified.
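The failure mode described above, as an added Python model that is not Apache's code and not part of the original advisory: each node authenticates the nonces it issues with a server secret, and a nonce minted on one node is honoured by another only when both hold the same secret. The `Node` class, the nonce layout, HMAC-SHA256, the fixed seed and the 300-second lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import random
import secrets

NONCE_LIFETIME = 300  # seconds; constructed value for this model


def predictable_secret():
    # Weak: a fixed seed gives every node in the cluster the same "secret".
    rng = random.Random(0)
    return bytes(rng.getrandbits(8) for _ in range(20))


def random_secret():
    # Corrected: each node draws its own secret from the OS CSPRNG.
    return secrets.token_bytes(20)


class Node:
    """Hypothetical cluster member issuing Digest nonces (not httpd's code)."""

    def __init__(self, realm, secret):
        self.realm = realm.encode()
        self.secret = secret

    def _mac(self, ts):
        # Bind the timestamp and realm to this node's secret.
        msg = ts.encode() + b":" + self.realm
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def issue_nonce(self, now):
        ts = str(int(now))
        return ts + ":" + self._mac(ts)

    def accepts(self, nonce, now):
        ts, _, mac = nonce.partition(":")
        if not (ts.isascii() and ts.isdigit()):
            return False
        if not hmac.compare_digest(mac.encode(), self._mac(ts).encode()):
            return False
        return 0 <= now - int(ts) <= NONCE_LIFETIME


def nonce_portable(secret_a, secret_b, realm="cluster-realm"):
    """True if a nonce minted on node A is honoured by node B."""
    a, b = Node(realm, secret_a), Node(realm, secret_b)
    return b.accepts(a.issue_nonce(now=1000), now=1010)
```

With `predictable_secret()` on both nodes the nonce validates everywhere in the cluster; with `random_secret()` on each node it validates only where it was issued.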
**Recommendations**
For Apache httpd versions 2.2.0 through 2.4.29, consider updating to a version where this issue is fixed, as the use of a pseudo-random seed for generating nonces is crucial for preventing replay attacks.
As a temporary workaround, consider restricting access to the Digest authentication configuration to minimize the risk of exploitation.
Avoid using the same Digest authentication configuration across multiple servers in a cluster until the issue is resolved.