Apache – CVE-2018-1312

Home » Blog » Apache – CVE-2018-1312

Description

Kayran has detected that the version of Apache httpd being used is vulnerable to reply attacks.
When generating an HTTP Digest authentication challenge, the nonce that was sent in order to prevent reply attacks was not correctly generated using a pseudo-random seed. Also known as CVE-2018-1312.

HTTP requests could be replayed in a cluster of servers using a common Digest authentication configuration.
This can be done across the servers by an attacker without being detected or noticed.

Severity/Score

CVSS Version 3.x – 9.8 Critical

Recommendation

To deal with CVE-2018-1312, update the version of Apache httpd to 2.4.33 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312

https://cwe.mitre.org/data/definitions/287.html

< Return to all Vulnerabilities

Blue Team

We’ve talked about The Red Team before, but what about The Blue Team? How is this group different from the red one? Why would we

Using VPN

What is a VPN? Why should someone be using VPN? Which Problems does is solve? and what is the advantages and disadvantages of it? Let’s

A security vulnerability our API hates

As you know, we’ve talked about many different and critical subjects related to application programming and knowing that it is very important to protect them,