PT-2003-1994 · Apache · Mod Digest

Published: 2003-12-18 · Updated: 2021-06-06 · CVE-2003-0987

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: mod_digest for Apache versions prior to 1.3.31

Description: mod_digest does not properly verify the nonce in a client response, which could allow a malicious user to conduct a replay attack against a website using Digest protection. This is possible if the attacker can sniff network traffic. Note that mod_digest implements an older version of the MD5 Digest Authentication specification, which is known to be incompatible with modern browsers.

Recommendations: If you run mod_digest on an Apache version prior to 1.3.31, update to version 1.3.31 or later to resolve the issue.


Related Identifiers

CVE-2003-0987

Affected Products

Apache
Apache Http Server
Mod Digest