Replay Vulnerability in mod_digest_apple for Apache on Mac OS X Server
CVE-2004-1082

Currently unrated

Key Information:

Vendor: IBM
Status: Http Server; Virtualvault; Communication Manager; Intuity Audix Lx
Vendor: CVE Published:; 3 February 2004

Summary

The mod_digest_apple module for Apache versions 1.3.31 and 1.3.32 on Mac OS X Server has a significant flaw in nonce verification. This weakness allows remote attackers to exploit the system by replaying valid credentials, potentially gaining unauthorized access. Proper validation mechanisms are essential to maintain the security integrity of client-server communications, and this vulnerability underscores the importance of vigilant patch management and system updates.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/18347

vdb-entryx_refsource_XF

http://lists.apple.com/archives/security-announce/2004/De...

vendor-advisoryx_refsource_APPLE

http://www.securitytracker.com/alerts/2004/Dec/1012414.html

vdb-entryx_refsource_SECTRACK

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Nov 30, 2004
Vulnerability published
Feb 3, 2004