vulnerability
Oracle Linux: CVE-2018-1312: ELSA-2019-1898: httpd security update (LOW) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:H/Au:N/C:P/I:P/A:N) | Mar 21, 2018 | Jul 21, 2020 | Nov 22, 2024 |
Severity
4
CVSS
(AV:N/AC:H/Au:N/C:P/I:P/A:N)
Published
Mar 21, 2018
Added
Jul 21, 2020
Modified
Nov 22, 2024
Description
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.
Solution(s)
oracle-linux-upgrade-httpdoracle-linux-upgrade-httpd-develoracle-linux-upgrade-httpd-manualoracle-linux-upgrade-httpd-toolsoracle-linux-upgrade-mod-ldaporacle-linux-upgrade-mod-proxy-htmloracle-linux-upgrade-mod-sessionoracle-linux-upgrade-mod-ssl
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.