CVE-2004-1082

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2004-1082
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html Patch Vendor Advisory
http://www.ciac.org/ciac/bulletins/p-049.shtml Patch Vendor Advisory
http://www.securityfocus.com/bid/9571 Patch Vendor Advisory
http://www.securitytracker.com/alerts/2004/Dec/1012414.html Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18347
http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html Patch Vendor Advisory
http://www.ciac.org/ciac/bulletins/p-049.shtml Patch Vendor Advisory
http://www.securityfocus.com/bid/9571 Patch Vendor Advisory
http://www.securitytracker.com/alerts/2004/Dec/1012414.html Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18347
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*
cpe:2.3:a:apple:apache_mod_digest_apple:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:communication_manager:1.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:communication_manager:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:communication_manager:2.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:communication_manager:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:intuity_audix_lx:*:*:*:*:*:*:*:*
cpe:2.3:a:hp:virtualvault:4.5:*:*:*:*:*:*:*
cpe:2.3:a:hp:virtualvault:4.6:*:*:*:*:*:*:*
cpe:2.3:a:hp:virtualvault:4.7:*:*:*:*:*:*:*
cpe:2.3:a:hp:webproxy:a.02.00:*:*:*:*:*:*:*
cpe:2.3:a:hp:webproxy:a.02.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:http_server:1.3.19:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:avaya:mn100:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:network_routing:*:*:*:*:*:*:*:*
cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*
cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:current:*:*:*:*:*:*:*
cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*
cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
History

20 Nov 2024, 23:50

Type Values Removed Values Added
References () http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html - Patch, Vendor Advisory () http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html - Patch, Vendor Advisory
References () http://www.ciac.org/ciac/bulletins/p-049.shtml - Patch, Vendor Advisory () http://www.ciac.org/ciac/bulletins/p-049.shtml - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/9571 - Patch, Vendor Advisory () http://www.securityfocus.com/bid/9571 - Patch, Vendor Advisory
References () http://www.securitytracker.com/alerts/2004/Dec/1012414.html - Patch, Vendor Advisory () http://www.securitytracker.com/alerts/2004/Dec/1012414.html - Patch, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/18347 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/18347 -
Information

Published : 2004-02-03 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-1082

Mitre link : CVE-2004-1082

CVE.ORG link : CVE-2004-1082

JSON object : View

Products Affected

hp

  • webproxy
  • virtualvault

apple

  • apache_mod_digest_apple

avaya

  • intuity_audix_lx
  • communication_manager
  • mn100
  • network_routing
  • modular_messaging_message_storage_server

sun

  • sunos
  • solaris

apache

  • http_server

openbsd

  • openbsd

ibm

  • http_server

sco

  • openserver
CWE
NVD-CWE-Other