Apache – CVE-2018-1312

Home » Blog » Apache – CVE-2018-1312

Description

Kayran has detected that the version of Apache httpd being used is vulnerable to reply attacks.
When generating an HTTP Digest authentication challenge, the nonce that was sent in order to prevent reply attacks was not correctly generated using a pseudo-random seed. Also known as CVE-2018-1312.

HTTP requests could be replayed in a cluster of servers using a common Digest authentication configuration.
This can be done across the servers by an attacker without being detected or noticed.

Severity/Score

CVSS Version 3.x – 9.8 Critical

Recommendation

To deal with CVE-2018-1312, update the version of Apache httpd to 2.4.33 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312

https://cwe.mitre.org/data/definitions/287.html

< Return to all Vulnerabilities

The average hacker shopping list – the CVE

When i take an X-Rey my doctor sits me down and simply “roast” me with stuff like how un-healthy i am, how i should stop

GETting it – POSTing it

No one likes things to get mixed up, creating confusion and misunderstandings, and sometimes even make our arguments seem a bit silly in the heat

Zeroed In – Zero-Day Attacks

If you are familiar with programming, you know that Zero ([0]) is usually the starting point of arrays, that is called Zero-based numbering, what does