PT-2003-1994 · Apache · Mod Digest+2
Published: 2003-12-18 · Updated: 2021-06-06 · CVE-2003-0987
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
mod_digest for Apache versions prior to 1.3.31
Description
mod_digest does not properly verify the nonce in a client response, which could allow a malicious user who can sniff network traffic to conduct a replay attack against a website using Digest protection. Note that mod_digest implements an older version of the MD5 Digest Authentication specification, which is known to be incompatible with modern browsers.
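The following is an added illustration, not Apache's code and not the 1.3.31 fix: it contrasts a Digest check that trusts the client-supplied nonce with one that first confirms the server issued the nonce and that it is still fresh. The HMAC-stamped nonce format, the secret, the lifetime and all function names and sample values are assumptions made for the example.

```python
import hashlib
import hmac

SERVER_SECRET = b"constructed-demo-secret"  # assumption: secret known only to the server
NONCE_LIFETIME = 300                        # assumption: seconds a nonce stays valid

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    """Older (RFC 2069) Digest response: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def _mac(stamp):
    return hmac.new(SERVER_SECRET, stamp.encode(), hashlib.sha256).hexdigest()

def issue_nonce(now):
    """Nonce = issue time plus a MAC, so the server can recognise its own nonces."""
    stamp = str(int(now))
    return f"{stamp}.{_mac(stamp)}"

def nonce_is_ours_and_fresh(nonce, now):
    stamp, _, mac = nonce.partition(".")
    if not (stamp.isascii() and stamp.isdigit()):
        return False
    if not hmac.compare_digest(mac.encode(), _mac(stamp).encode()):
        return False  # not a nonce this server issued
    return 0 <= now - int(stamp) <= NONCE_LIFETIME

def verify_unchecked(req, password):
    """Flawed check: recomputes the response over whatever nonce the client sent."""
    expected = digest_response(req["username"], req["realm"], password,
                               req["method"], req["uri"], req["nonce"])
    return hmac.compare_digest(expected.encode(), req["response"].encode())

def verify_checked(req, password, now):
    """Reject unknown or expired nonces before looking at the response."""
    return nonce_is_ours_and_fresh(req["nonce"], now) and verify_unchecked(req, password)

def sample_request(password, nonce):
    """Constructed Authorization fields, as a sniffer would capture them."""
    req = {"username": "alice", "realm": "demo", "method": "GET",
           "uri": "/private/", "nonce": nonce}
    req["response"] = digest_response("alice", "demo", password, "GET", "/private/", nonce)
    return req
```

A captured request replayed inside the lifetime window still passes `verify_checked`; closing that gap requires tracking each nonce's use on the server.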
Recommendations
If you run mod_digest with an Apache version prior to 1.3.31, update to version 1.3.31 or later to resolve the issue.
Fix
Related identifiers
Affected products
Apache
Apache Http Server
Mod Digest