NVD脆弱性詳細

CVE-2004-1082

概要	mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
公表日	2004年2月3日14:00
登録日	2021年1月29日18:00
最終更新日	2018年10月31日1:25

CVSS2.0 : HIGH
スコア	7.5
ベクター	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	はい
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:apache:http_server:1.3:::::::*
cpe:2.3:a:apache:http_server:1.3.1:::::::*
cpe:2.3:a:apache:http_server:1.3.3:::::::*
cpe:2.3:a:apache:http_server:1.3.4:::::::*
cpe:2.3:a:apache:http_server:1.3.6:::::::*
cpe:2.3:a:apache:http_server:1.3.7::dev:::::
cpe:2.3:a:apache:http_server:1.3.9:::::::*
cpe:2.3:a:apache:http_server:1.3.11:::::::*
cpe:2.3:a:apache:http_server:1.3.12:::::::*
cpe:2.3:a:apache:http_server:1.3.14:::::::*
cpe:2.3:a:apache:http_server:1.3.17:::::::*
cpe:2.3:a:apache:http_server:1.3.18:::::::*
cpe:2.3:a:apache:http_server:1.3.19:::::::*
cpe:2.3:a:apache:http_server:1.3.20:::::::*
cpe:2.3:a:apache:http_server:1.3.22:::::::*
cpe:2.3:a:apache:http_server:1.3.23:::::::*
cpe:2.3:a:apache:http_server:1.3.24:::::::*
cpe:2.3:a:apache:http_server:1.3.25:::::::*
cpe:2.3:a:apache:http_server:1.3.26:::::::*
cpe:2.3:a:apache:http_server:1.3.27:::::::*
cpe:2.3:a:apache:http_server:1.3.28:::::::*
cpe:2.3:a:apache:http_server:1.3.29:::::::*
cpe:2.3:a:apple:apache_mod_digest_apple::::::::
cpe:2.3:a:avaya:communication_manager:1.1:::::::*
cpe:2.3:a:avaya:communication_manager:1.3.1:::::::*
cpe:2.3:a:avaya:communication_manager:2.0:::::::*
cpe:2.3:a:avaya:communication_manager:2.0.1:::::::*
cpe:2.3:a:avaya:intuity_audix_lx::::::::
cpe:2.3:a:hp:virtualvault:4.5:::::::*
cpe:2.3:a:hp:virtualvault:4.6:::::::*
cpe:2.3:a:hp:virtualvault:4.7:::::::*
cpe:2.3:a:hp:webproxy:a.02.00:::::::*
cpe:2.3:a:hp:webproxy:a.02.10:::::::*
cpe:2.3:a:ibm:http_server:1.3.19:::::::*

構成2	以上	以下	より上	未満
cpe:2.3:a:avaya:mn100::::::::
cpe:2.3:a:avaya:network_routing::::::::
cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:::::::*
cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:::::::*
cpe:2.3:o:openbsd:openbsd:3.4:::::::*
cpe:2.3:o:openbsd:openbsd:3.5:::::::*
cpe:2.3:o:openbsd:openbsd:current:::::::*
cpe:2.3:o:sco:openserver:5.0.6:::::::*
cpe:2.3:o:sco:openserver:5.0.7:::::::*
cpe:2.3:o:sun:solaris:8.0::x86:::::
cpe:2.3:o:sun:solaris:9.0::sparc:::::
cpe:2.3:o:sun:solaris:9.0::x86:::::
cpe:2.3:o:sun:sunos:5.8:::::::*

構成1	以上	以下	より上	未満
cpe:2.3:a:apache:http_server:1.3:::::::*
cpe:2.3:a:apache:http_server:1.3.1:::::::*
cpe:2.3:a:apache:http_server:1.3.3:::::::*
cpe:2.3:a:apache:http_server:1.3.4:::::::*
cpe:2.3:a:apache:http_server:1.3.6:::::::*
cpe:2.3:a:apache:http_server:1.3.7::dev:::::
cpe:2.3:a:apache:http_server:1.3.9:::::::*
cpe:2.3:a:apache:http_server:1.3.11:::::::*
cpe:2.3:a:apache:http_server:1.3.12:::::::*
cpe:2.3:a:apache:http_server:1.3.14:::::::*
cpe:2.3:a:apache:http_server:1.3.17:::::::*
cpe:2.3:a:apache:http_server:1.3.18:::::::*
cpe:2.3:a:apache:http_server:1.3.19:::::::*
cpe:2.3:a:apache:http_server:1.3.20:::::::*
cpe:2.3:a:apache:http_server:1.3.22:::::::*
cpe:2.3:a:apache:http_server:1.3.23:::::::*
cpe:2.3:a:apache:http_server:1.3.24:::::::*
cpe:2.3:a:apache:http_server:1.3.25:::::::*
cpe:2.3:a:apache:http_server:1.3.26:::::::*
cpe:2.3:a:apache:http_server:1.3.27:::::::*
cpe:2.3:a:apache:http_server:1.3.28:::::::*
cpe:2.3:a:apache:http_server:1.3.29:::::::*
cpe:2.3:a:apple:apache_mod_digest_apple::::::::
cpe:2.3:a:avaya:communication_manager:1.1:::::::*
cpe:2.3:a:avaya:communication_manager:1.3.1:::::::*
cpe:2.3:a:avaya:communication_manager:2.0:::::::*
cpe:2.3:a:avaya:communication_manager:2.0.1:::::::*
cpe:2.3:a:avaya:intuity_audix_lx::::::::
cpe:2.3:a:hp:virtualvault:4.5:::::::*
cpe:2.3:a:hp:virtualvault:4.6:::::::*
cpe:2.3:a:hp:virtualvault:4.7:::::::*
cpe:2.3:a:hp:webproxy:a.02.00:::::::*
cpe:2.3:a:hp:webproxy:a.02.10:::::::*
cpe:2.3:a:ibm:http_server:1.3.19:::::::*

構成2	以上	以下	より上	未満
cpe:2.3:a:avaya:mn100::::::::
cpe:2.3:a:avaya:network_routing::::::::
cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:::::::*
cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:::::::*
cpe:2.3:o:openbsd:openbsd:3.4:::::::*
cpe:2.3:o:openbsd:openbsd:3.5:::::::*
cpe:2.3:o:openbsd:openbsd:current:::::::*
cpe:2.3:o:sco:openserver:5.0.6:::::::*
cpe:2.3:o:sco:openserver:5.0.7:::::::*
cpe:2.3:o:sun:solaris:8.0::x86:::::
cpe:2.3:o:sun:solaris:9.0::sparc:::::
cpe:2.3:o:sun:solaris:9.0::x86:::::
cpe:2.3:o:sun:sunos:5.8:::::::*

No	URL	refsource	タグ
1	http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html	APPLE	Patch Vendor Advisory
2	http://www.ciac.org/ciac/bulletins/p-049.shtml	CIAC	Patch Vendor Advisory
3	http://www.securityfocus.com/bid/9571	BID	Patch Vendor Advisory
4	http://www.securitytracker.com/alerts/2004/Dec/1012414.html	SECTRACK	Patch Vendor Advisory
5	https://exchange.xforce.ibmcloud.com/vulnerabilities/18347	XF