CVE-2018-1312 vulnerability in Apache and Other Products
Published on March 26, 2018

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2018-1312

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-1312 are published in these products:

Apache HTTP Server

NetApp Santricity Cloud Connector

NetApp Storagegrid

NetApp Storage Automation Store

Canonical Ubuntu Linux

Debian Linux

NetApp Clustered Data Ontap

Red Hat Enterprise Linux (RHEL)

NetApp Cloud Backup

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Workstation

Red Hat Enterprise Linux Server

Red Hat Enterprise Linux Server Tus

Red Hat Enterprise Linux Server Aus

Red Hat Enterprise Linux Eus

Affected Versions

Apache Software Foundation Apache HTTP Server Version 2.0.42 to 2.4.29 is affected by CVE-2018-1312

Exploit Probability

EPSS

7.28%

Percentile

91.56%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-1312 vulnerability in Apache and Other ProductsPublished on March 26, 2018

Products Associated with CVE-2018-1312

Affected Versions

Exploit Probability

CVE-2018-1312 vulnerability in Apache and Other Products
Published on March 26, 2018