Apache – CVE-2018-1312

Description

Cytrix has detected that the version of Apache httpd in use is vulnerable to replay attacks.
When generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. This issue is tracked as CVE-2018-1312.

In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed.
An attacker can do this across the servers without being detected.
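
The following added example (not Apache's code and not part of the original advisory) models why the nonce seed matters in a cluster: two nodes that derive their nonce secret from the same shared configuration accept each other's nonces, while nodes with independently random secrets do not. The class, function names, realm, and the way the weak secret is derived are assumptions made for illustration.

```python
import hashlib
import hmac
import os

REALM = "example-realm"                          # constructed sample value
SHARED_CONFIG = "AuthType Digest|example-realm"  # constructed: identical on every node

class DigestServer:
    """Simplified nonce issuer/validator; a model, not mod_auth_digest itself."""

    def __init__(self, secret: bytes, lifetime: int = 300):
        self.secret = secret
        self.lifetime = lifetime

    def _mac(self, ts: str, realm: str) -> str:
        # Bind the nonce to its timestamp and realm with the node's secret
        return hmac.new(self.secret, f"{ts}:{realm}".encode(), hashlib.sha256).hexdigest()

    def issue_nonce(self, realm: str, now: int) -> str:
        ts = str(now)
        return f"{ts}:{self._mac(ts, realm)}"

    def accepts(self, nonce: str, realm: str, now: int) -> bool:
        try:
            ts, mac = nonce.split(":", 1)
            age = now - int(ts)
        except ValueError:
            return False  # malformed nonce
        fresh = 0 <= age <= self.lifetime
        return fresh and hmac.compare_digest(mac.encode(), self._mac(ts, realm).encode())

def weak_secret() -> bytes:
    # Assumed flaw model: secret derived only from configuration shared by all nodes
    return hashlib.sha256(SHARED_CONFIG.encode()).digest()

def strong_secret() -> bytes:
    # Independent random secret per node
    return os.urandom(32)

def cross_server_acceptance(make_secret) -> tuple:
    """Return (issuer accepts, other node accepts) for a nonce issued by node A."""
    node_a, node_b = DigestServer(make_secret()), DigestServer(make_secret())
    nonce = node_a.issue_nonce(REALM, now=1000)
    return node_a.accepts(nonce, REALM, now=1010), node_b.accepts(nonce, REALM, now=1010)

if __name__ == "__main__":
    print("weak seed  :", cross_server_acceptance(weak_secret))
    print("random seed:", cross_server_acceptance(strong_secret))
```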

Severity/Score

CVSS Version 3.x – 9.8 Critical

Recommendation

To remediate CVE-2018-1312, update Apache httpd to version 2.4.33 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312

https://cwe.mitre.org/data/definitions/287.html
