CVE-2018-1312
CRITICAL
9.8
CVSS Severity Score
Vulnerability Description
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.
Affected Platforms (CPE)
📦
Apache
Http Server
= 2.4.1📦
Apache
Http Server
= 2.4.2📦
Apache
Http Server
= 2.4.3📦
Apache
Http Server
= 2.4.4📦
Apache
Http Server
= 2.4.6📦
Apache
Http Server
= 2.4.7📦
Apache
Http Server
= 2.4.9📦
Apache
Http Server
= 2.4.10📦
Apache
Http Server
= 2.4.12📦
Apache
Http Server
= 2.4.16📦
Apache
Http Server
= 2.4.17📦
Apache
Http Server
= 2.4.18📦
Apache
Http Server
= 2.4.20📦
Apache
Http Server
= 2.4.23📦
Apache
Http Server
= 2.4.25📦
Apache
Http Server
= 2.4.26📦
Apache
Http Server
= 2.4.27📦
Apache
Http Server
= 2.4.28📦
Apache
Http Server
= 2.4.29💻
Canonical
Ubuntu Linux
= 12.04💻
Canonical
Ubuntu Linux
= 14.04💻
Canonical
Ubuntu Linux
= 16.04💻
Canonical
Ubuntu Linux
= 17.10💻
Canonical
Ubuntu Linux
= 18.04💻
Debian
Debian Linux
= 7.0💻
Debian
Debian Linux
= 8.0💻
Debian
Debian Linux
= 9.0📦
Netapp
Cloud Backup
All versions📦
Netapp
Storagegrid
All versions💻
Netapp
Clustered Data Ontap
All versions📦
Redhat
Jboss Core Services
= 1.0💻
Redhat
Enterprise Linux Desktop
= 7.0💻
Redhat
Enterprise Linux Eus
= 7.6💻
Redhat
Enterprise Linux Server
= 7.0💻
Redhat
Enterprise Linux Server Aus
= 7.6💻
Redhat
Enterprise Linux Server Tus
= 7.6💻
Redhat