CVE-2004-1082
UnknownEPSS 7.58%
Last modified
CVE-2004-1082 is a vulnerability of currently unknown severity. mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.. EPSS estimates a 7.58% chance of exploitation in the next 30 days.
Description
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Http Server | 1.3 |
| Apache | Http Server | 1.3.1 |
| Apache | Http Server | 1.3.3 |
| Apache | Http Server | 1.3.4 |
| Apache | Http Server | 1.3.6 |
| Apache | Http Server | 1.3.7 |
| Apache | Http Server | 1.3.9 |
| Apache | Http Server | 1.3.11 |
| Apache | Http Server | 1.3.12 |
| Apache | Http Server | 1.3.14 |
| Apache | Http Server | 1.3.17 |
| Apache | Http Server | 1.3.18 |
| Apache | Http Server | 1.3.19 |
| Apache | Http Server | 1.3.20 |
| Apache | Http Server | 1.3.22 |
| Apache | Http Server | 1.3.23 |
| Apache | Http Server | 1.3.24 |
| Apache | Http Server | 1.3.25 |
| Apache | Http Server | 1.3.26 |
| Apache | Http Server | 1.3.27 |
| Apache | Http Server | 1.3.28 |
| Apache | Http Server | 1.3.29 |
| Apple | Apache Mod Digest Apple | All versions |
| Avaya | Communication Manager | 1.1 |
| Avaya | Communication Manager | 1.3.1 |
| Avaya | Communication Manager | 2.0 |
| Avaya | Communication Manager | 2.0.1 |
| Avaya | Intuity Audix Lx | All versions |
| Hp | Virtualvault | 4.5 |
| Hp | Virtualvault | 4.6 |
| Hp | Virtualvault | 4.7 |
| Hp | Webproxy | a.02.00 |
| Hp | Webproxy | a.02.10 |
| Ibm | Http Server | 1.3.19 |
| Avaya | Mn100 | All versions |
| Avaya | Network Routing | All versions |
| Avaya | Modular Messaging Message Storage Server | 1.1 |
| Avaya | Modular Messaging Message Storage Server | 2.0 |
| Openbsd | Openbsd | 3.4 |
| Openbsd | Openbsd | 3.5 |
| Openbsd | Openbsd | current |
| Sco | Openserver | 5.0.6 |
| Sco | Openserver | 5.0.7 |
| Sun | Solaris | 8.0 |
| Sun | Solaris | 9.0 |
| Sun | Sunos | 5.8 |
References
- http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.htmlPatch, Vendor Advisory
- http://www.ciac.org/ciac/bulletins/p-049.shtmlPatch, Vendor Advisory
- http://www.securityfocus.com/bid/9571Patch, Vendor Advisory
- http://www.securitytracker.com/alerts/2004/Dec/1012414.htmlPatch, Vendor Advisory
- http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.htmlPatch, Vendor Advisory
- http://www.ciac.org/ciac/bulletins/p-049.shtmlPatch, Vendor Advisory
- http://www.securityfocus.com/bid/9571Patch, Vendor Advisory
- http://www.securitytracker.com/alerts/2004/Dec/1012414.htmlPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2004-1082?
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
How severe is CVE-2004-1082?
Severity scoring for CVE-2004-1082 is pending analysis. The EPSS model estimates a 7.58% probability of exploitation in the next 30 days.
How do I fix CVE-2004-1082?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2004-1082?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST