CVE-2004-1082

Description

mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

Affected products

apache / http_server1.3 – 1.3
apache / http_server1.3.1 – 1.3.1
apache / http_server1.3.3 – 1.3.3
apache / http_server1.3.4 – 1.3.4
apache / http_server1.3.6 – 1.3.6
apache / http_server1.3.7 – 1.3.7
apache / http_server1.3.9 – 1.3.9
apache / http_server1.3.11 – 1.3.11
apache / http_server1.3.12 – 1.3.12
apache / http_server1.3.14 – 1.3.14
apache / http_server1.3.17 – 1.3.17
apache / http_server1.3.18 – 1.3.18
apache / http_server1.3.19 – 1.3.19
apache / http_server1.3.20 – 1.3.20
apache / http_server1.3.22 – 1.3.22
apache / http_server1.3.23 – 1.3.23
apache / http_server1.3.24 – 1.3.24
apache / http_server1.3.25 – 1.3.25
apache / http_server1.3.26 – 1.3.26
apache / http_server1.3.27 – 1.3.27
apache / http_server1.3.28 – 1.3.28
apache / http_server1.3.29 – 1.3.29
Apple / apache_mod_digest_apple
Avaya / Communication Manager1.1 – 1.1
Avaya / Communication Manager1.3.1 – 1.3.1
Avaya / Communication Manager2.0 – 2.0
Avaya / Communication Manager2.0.1 – 2.0.1
Avaya / intuity_audix_lx
Avaya / mn100
Avaya / modular_messaging_message_storage_server2.0 – 2.0
Avaya / modular_messaging_message_storage_server1.1 – 1.1
Avaya / network_routing
HP / virtualvault4.5 – 4.5
HP / virtualvault4.7 – 4.7
HP / virtualvault4.6 – 4.6
HP / webproxya.02.00 – a.02.00
HP / webproxya.02.10 – a.02.10
ibm / http_server1.3.19 – 1.3.19
OpenBSD / OpenBSD3.4 – 3.4
OpenBSD / OpenBSD3.5 – 3.5
OpenBSD / OpenBSDcurrent – current
sco / openserver5.0.7 – 5.0.7
sco / openserver5.0.6 – 5.0.6
sun / solaris8.0 – 8.0
sun / solaris9.0 – 9.0
sun / solaris9.0 – 9.0
sun / sunos5.8 – 5.8

Description

Affected products

References