{"containers": {"cna": {"affected": [{"product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "2.0.42 to 2.4.29"}]}], "datePublic": "2018-03-23T00:00:00", "descriptions": [{"lang": "en", "value": "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection."}], "problemTypes": [{"descriptions": [{"description": "Authentication replay mitigation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-06T10:12:21", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "USN-3627-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3627-1/"}, {"name": "DSA-4164", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4164"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20180601-0004/"}, {"name": "RHSA-2018:3558", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"}, {"name": "RHSA-2019:0367", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0367"}, {"name": "USN-3627-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3627-2/"}, {"name": "103524", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103524"}, {"name": "[oss-security] 20180323 CVE-2018-1312: Weak Digest auth nonce generation in mod_auth_digest", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2018/03/24/7"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"name": "[debian-lts-announce] 20180530 [SECURITY] [DLA 1389-1] apache2 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html"}, {"name": "1040571", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040571"}, {"name": "RHSA-2019:0366", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0366"}, {"name": "USN-3937-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3937-2/"}, {"name": "RHSA-2019:1898", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1898"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2019-09"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-03-23T00:00:00", "ID": "CVE-2018-1312", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache HTTP Server", "version": {"version_data": [{"version_value": "2.0.42 to 2.4.29"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Authentication replay mitigation"}]}]}, "references": {"reference_data": [{"name": "USN-3627-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3627-1/"}, {"name": "DSA-4164", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4164"}, {"name": "https://security.netapp.com/advisory/ntap-20180601-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180601-0004/"}, {"name": "RHSA-2018:3558", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"}, {"name": "RHSA-2019:0367", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0367"}, {"name": "USN-3627-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3627-2/"}, {"name": "103524", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103524"}, {"name": "[oss-security] 20180323 CVE-2018-1312: Weak Digest auth nonce generation in mod_auth_digest", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2018/03/24/7"}, {"name": "https://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "CONFIRM", "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"name": "[debian-lts-announce] 20180530 [SECURITY] [DLA 1389-1] apache2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html"}, {"name": "1040571", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040571"}, {"name": "RHSA-2019:0366", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0366"}, {"name": "USN-3937-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3937-2/"}, {"name": "RHSA-2019:1898", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1898"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"}, {"name": "https://www.tenable.com/security/tns-2019-09", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-09"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:59:37.841Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3627-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3627-1/"}, {"name": "DSA-4164", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4164"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20180601-0004/"}, {"name": "RHSA-2018:3558", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"}, {"name": "RHSA-2019:0367", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0367"}, {"name": "USN-3627-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3627-2/"}, {"name": "103524", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103524"}, {"name": "[oss-security] 20180323 CVE-2018-1312: Weak Digest auth nonce generation in mod_auth_digest", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2018/03/24/7"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"name": "[debian-lts-announce] 20180530 [SECURITY] [DLA 1389-1] apache2 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html"}, {"name": "1040571", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040571"}, {"name": "RHSA-2019:0366", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0366"}, {"name": "USN-3937-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3937-2/"}, {"name": "RHSA-2019:1898", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1898"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2019-09"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-1312", "datePublished": "2018-03-26T15:00:00Z", "dateReserved": "2017-12-07T00:00:00", "dateUpdated": "2024-09-16T19:14:07.045Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "6FCD3C8C-9BF8-4F30-981A-593EEAEB9EDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "046487A3-752B-4D0F-8984-96486B828EAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "89D2E052-51CD-4B57-A8B8-FAE51988D654", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "EAA27058-BACF-4F94-8E3C-7D38EC302EC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "8FEAB0DF-04A9-4F99-8666-0BADC5D642B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "E7D924D1-8A36-4C43-9E56-52814F9A6350", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "39CDFECC-E26D-47E0-976F-6629040B3764", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "E3ECBCB1-0675-41F5-857B-438F36925F63", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "CB6CBFBF-74F6-42AF-BC79-AA53EA75F00B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "8717A96B-9DB5-48D6-A2CF-A5E2B26AF3F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "E1F45B27-504B-4202-87B8-BD3B094003F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "F2FB2B98-DFD2-420A-8A7F-9B288651242F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "B803D25B-0A19-4569-BA05-09D58F33917C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "matchCriteriaId": "8510442C-212F-4013-85FA-E0AB59F6F2C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*", "matchCriteriaId": "FB5673AB-53BB-40B2-83A7-8B82B2D0EBB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "FBB3ED63-45CA-44AB-973C-9AD2569AD800", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*", "matchCriteriaId": "FF30AD98-9CBA-456E-A827-79FCEDEB30A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*", "matchCriteriaId": "C117BF2F-1E5B-4AEC-8770-3153E5B4CD07", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*", "matchCriteriaId": "437BC6D8-D103-452C-9C86-D89FC977A50F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40", "vulnerable": true}, {"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A2466282-51AB-478D-9FF4-FA524265ED2E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection."}, {"lang": "es", "value": "En Apache httpd, en versiones desde la 2.2.0 hasta la 2.4.29, cuando se genera un desaf\u00edo de autenticaci\u00f3n HTTP Digest, el nonce enviado para evitar ataques replay no se gener\u00f3 correctamente empleando una semilla pseudoaleatoria. En un cl\u00faster de servidores, utilizando una configuraci\u00f3n de autenticaci\u00f3n Digest com\u00fan, las peticiones HTTP se podr\u00edan reemplazar en los servidores por un atacante si que este sea detectado."}], "id": "CVE-2018-1312", "lastModified": "2023-11-07T02:55:57.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-26T15:29:00.587", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2018/03/24/7"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103524"}, {"source": "security@apache.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040571"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0366"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0367"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1898"}, {"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20180601-0004/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3627-1/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3627-2/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3937-2/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4164"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2019-09"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:0367", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-0:1-6.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:0367", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:0367", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:0367", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:0367", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:0367", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:0367", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:0367", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:0367", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:0367", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-0:1-6.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:0367", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:0367", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:0367", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:0367", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:0367", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:0367", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:0367", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:0367", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:1898", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "httpd-0:2.4.6-89.el7_6.1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-07-29T00:00:00Z"}, {"advisory": "RHSA-2019:0366", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "httpd", "product_name": "Red Hat JBoss Core Services 1", "release_date": "2019-02-18T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "httpd24-curl-0:7.61.1-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "httpd24-httpd-0:2.4.34-7.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "httpd24-nghttp2-0:1.7.1-7.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-curl-0:7.61.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-curl-0:7.61.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-curl-0:7.61.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-curl-0:7.61.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2018-11-13T00:00:00Z"}], "bugzilla": {"description": "httpd: Weak Digest auth nonce generation in mod_auth_digest", "id": "1560634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560634"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.2", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-305", "details": ["In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection."], "name": "CVE-2018-1312", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Will not fix", "package_name": "httpd", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat JBoss Web Server 3"}, {"cpe": "cpe:/a:redhat:mobile_application_platform:4", "fix_state": "Not affected", "package_name": "rhmap-httpd-docker", "product_name": "Red Hat Mobile Application Platform 4"}], "public_date": "2018-03-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-1312\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1312\nhttps://httpd.apache.org/security/vulnerabilities_24.html"], "statement": "The \"AuthType Digest\" directive is not enabled in the default httpd configuration as shipped with Red Hat Enterprise Linux, and needs to be explicitly enabled. Therefore this flaw has no impact on the default versions of the httpd package as shipped with Red Hat Enterprise Linux. Also upstream discourages the use of mod_auth_digest because of its inherent security weaknesses and recommends the use of mod_ssl.", "threat_severity": "Low", "upstream_fix": "httpd 2.4.30"}