CVE-2018-1312

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-1312
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1312.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1312
Downstream
Related
Published
2018-03-26T15:29:00.587Z
Modified
2026-02-12T08:21:08.242872Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
015ab81d44c1f6def12fdbb7dc8d8241bf8e3ef5
Last affected
1287b680fbde78d9289029b6a6b63a3f9e58d704
Last affected
14434f9be6e1624a4b3070b0df00901fb62e9ca4
Last affected
2d1deb10cfafe25ade7f30307e13b6d0c21a5473
Last affected
3cdd2d84507d2a86eb5dab2eec96f1035bb76d6c
Last affected
408b0bd76056d59fa1d46deab60904b816f0d119
Last affected
47a9d8e8abf5697b4580c3ee2ade302b5c058fa6
Last affected
48a67b87136be1426f2cc84de9c4e1101b37a2b9
Last affected
60fa04727910859b5512f7bbb36c53c4652cff2c
Last affected
67578c0315accbca1bba22d695c59d51197c99cc
Last affected
6e65a7f3dadcade4274ae53f734d4c35188e3786
Last affected
7650f0ca88028593a7c5fbba2e20bca4a65b031d
Last affected
7ea253ccfeaec99b5684c909dce6d9a6d7ee6486
Last affected
8048373d9a8bd8c7237829b56a06485d5f5bf2e4
Last affected
954dfbe8a95dac3b93e12761f65754104f1696ea
Last affected
a168e4e5bab311688e66564ad230f32818adbacc
Last affected
b7ef32c4957883ab17105fa82e6331bf48bed78a
Last affected
b898ce7c11834c1ca9bcff7aa85f9d42ee254d26
Last affected
ef07cb031c6f8f7ac483c26fc858aad68c365fd9
Last affected
f2b561181dbd0c689fd583c60878ce05854ec5f9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1312.json"

Git / github.com/flatpak/flatpak

Affected ranges

Type
GIT
Repo
https://github.com/flatpak/flatpak
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5545ac4ba66c817857fd9a421922126d74d86a3e

Affected versions

0.*
0.1
0.10.0
0.10.1
0.10.2
0.11.1
0.11.2
0.11.3
0.11.4
0.11.5
0.11.6
0.11.7
0.11.8
0.11.8.1
0.11.8.2
0.11.8.3
0.2
0.2.1
0.3
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.4.0
0.4.1
0.4.10
0.4.11
0.4.12
0.4.13
0.4.2
0.4.2.1
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.4.9
0.5.0
0.5.1
0.5.2
0.6.0
0.6.1
0.6.10
0.6.11
0.6.12
0.6.13
0.6.14
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.8.0
0.8.1
0.9.1
0.9.10
0.9.11
0.9.12
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.98
0.9.98.1
0.9.98.2
0.9.99
0.99.1
0.99.2
0.99.3
1.*
1.0.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1312.json"