Apache – CVE-2018-1312


Kayran has detected that the version of Apache httpd being used is vulnerable to replay attacks.
When generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. This issue is tracked as CVE-2018-1312.

In a cluster of servers using a common Digest authentication configuration, an attacker could replay HTTP requests across the servers without being detected or noticed.


CVSS Version 3.x – 9.8 Critical


To deal with CVE-2018-1312, update the version of Apache httpd to 2.4.33 or higher.
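
One way to triage a host for this finding, as an added example that is not Kayran's or the Apache project's code: it compares the httpd version banner with the 2.4.33 fix release and reports whether `AuthType Digest` is actually enabled in the configuration. The function names, status labels and sample inputs are assumptions constructed for illustration.

```python
import re

FIXED = (2, 4, 33)  # first fixed httpd release, per the advisory above

# Constructed sample inputs (not taken from a real host).
SAMPLE_BANNER = "Server version: Apache/2.4.29 (Ubuntu)"
SAMPLE_CONFIG = """\
<Location "/private">
    # AuthType Digest
    AuthType Basic
</Location>
<Location "/admin">
    AuthType Digest
    AuthName "admin"
    Require valid-user
</Location>
"""

def parse_httpd_version(banner):
    """Extract (major, minor, patch) from `httpd -v` output or a Server header."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(p) for p in m.groups()) if m else None

def digest_auth_lines(config_text):
    """Return (line_no, directive) for each active `AuthType Digest` line."""
    hits = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        # Skip comments; Apache directive names are case-insensitive.
        if not line.startswith("#") and re.match(r"AuthType\s+Digest\b", line, re.I):
            hits.append((no, line))
    return hits

def assess(banner, config_text):
    """Classify a host as 'fixed', 'exposed', 'outdated' or 'unknown'."""
    version = parse_httpd_version(banner)
    hits = digest_auth_lines(config_text)
    if version is None:
        return "unknown", hits
    if version >= FIXED:          # tuple compare, so 2.4.9 < 2.4.33
        return "fixed", hits
    # Below the fixed release: Digest auth in use means the replay issue applies.
    return ("exposed" if hits else "outdated"), hits

if __name__ == "__main__":
    status, hits = assess(SAMPLE_BANNER, SAMPLE_CONFIG)
    print(status, hits)
```

Distribution packages can backport the fix without changing the upstream version number, so a banner below 2.4.33 should be confirmed against the package changelog before it is treated as exposed.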



