National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2003-0987 Detail

Description

mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.

Source:  MITRE      Last Modified:  03/03/2004

Quick Info

CVE Dictionary Entry:
CVE-2003-0987
Original release date:
03/03/2004
Last revised:
10/10/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
7.5 HIGH
Vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore:
6.4
Exploitability Subscore:
10.0
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

Vendor Statements (disclaimer)

Official Statement from Apache (07/02/2008)

Fixed in Apache HTTP Server 1.3.31: http://httpd.apache.org/security/vulnerabilities_13.html

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://marc.info/?l=bugtraq&m=108437852004207&w=2 External Source BUGTRAQ 20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
http://security.gentoo.org/glsa/glsa-200405-22.xml External Source GENTOO GLSA-200405-22
http://securitytracker.com/id?1008920 External Source SECTRACK 1008920
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1 External Source SUNALERT 101555
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1 External Source SUNALERT 101841
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1 External Source SUNALERT 57628
http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html Patch External Source CONFIRM http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html
http://www.mail-archive.com/dev@httpd.apache.org/msg19014.html Vendor Advisory External Source CONFIRM http://www.mail-archive.com/dev@httpd.apache.org/msg19014.html
http://www.mandriva.com/security/advisories?name=MDKSA-2004:046 External Source MANDRAKE MDKSA-2004:046
http://www.redhat.com/support/errata/RHSA-2004-600.html External Source REDHAT RHSA-2004:600
http://www.redhat.com/support/errata/RHSA-2005-816.html External Source REDHAT RHSA-2005:816
http://www.securityfocus.com/bid/9571 Patch; Vendor Advisory External Source BID 9571
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643 External Source SLACKWARE SSA:2004-133
http://www.trustix.org/errata/2004/0027 External Source TRUSTIX 2004-0027
https://exchange.xforce.ibmcloud.com/vulnerabilities/15041 External Source XF apache-moddigest-response-replay(15041)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100108 External Source OVAL oval:org.mitre.oval:def:100108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4416 External Source OVAL oval:org.mitre.oval:def:4416

References to Check Content

Identifier:
oval:org.mitre.oval:def:100108
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:100108
Identifier:
oval:org.mitre.oval:def:4416
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:4416

Technical Details

Vulnerability Type (View All)

Change History 5 change records found - show changes