Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0987

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0987
Last Modified 10 Sep 2008 03:21:21
Published 03 Mar 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0987

Summary

mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.

Vulnerable Systems

Application

  • Apache Http Server 1.3.30


References

XF - apache-moddigest-response-replay(15041)

BID - 9571

CONFIRM - http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html

BUGTRAQ - 20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)

TRUSTIX - 2004-0027

REDHAT - RHSA-2004:600

CONFIRM - http://www.mail-archive.com/dev@httpd.apache.org/msg19014.html

GENTOO - GLSA-200405-22

SLACKWARE - SSA:2004-133

REDHAT - RHSA-2005:816

MANDRAKE - MDKSA-2004:046

SUNALERT - 57628

SUNALERT - 101841

SUNALERT - 101555

SECTRACK - 1008920


Last Updated: 27 May 2016 10:38:08