CVE-2004-1082

high

Description

mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

References

http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html

http://www.ciac.org/ciac/bulletins/p-049.shtml

http://www.securityfocus.com/bid/9571

http://www.securitytracker.com/alerts/2004/Dec/1012414.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/18347

Details

Source: MITRE

Published: 2004-02-03

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*

cpe:2.3:a:apple:apache_mod_digest_apple:*:*:*:*:*:*:*:*

cpe:2.3:a:avaya:communication_manager:1.1:*:*:*:*:*:*:*

cpe:2.3:a:avaya:communication_manager:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:avaya:communication_manager:2.0:*:*:*:*:*:*:*

cpe:2.3:a:avaya:communication_manager:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:avaya:intuity_audix_lx:*:*:*:*:*:*:*:*

cpe:2.3:a:hp:virtualvault:4.5:*:*:*:*:*:*:*

cpe:2.3:a:hp:virtualvault:4.6:*:*:*:*:*:*:*

cpe:2.3:a:hp:virtualvault:4.7:*:*:*:*:*:*:*

cpe:2.3:a:hp:webproxy:a.02.00:*:*:*:*:*:*:*

cpe:2.3:a:hp:webproxy:a.02.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:1.3.19:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:avaya:mn100:*:*:*:*:*:*:*:*

cpe:2.3:a:avaya:network_routing:*:*:*:*:*:*:*:*

cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*

cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:current:*:*:*:*:*:*:*

cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*

cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*

cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*

cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*

cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*

cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 2444 | Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02) | Nessus Network Monitor | Web Clients | high |
| 15898 | Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02) | Nessus | MacOS X Local Security Checks | high |
| 14145 | Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1) | Nessus | Mandriva Local Security Checks | high |
| 800800 | Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02) | Log Correlation Engine | Operating System Detection | medium |