mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Http_server | Apache | * | 1.3.30 |
Red Hat Enterprise Linux 2.1 | RedHat | apache | * |
Red Hat Enterprise Linux 2.1 | RedHat | mod_ssl | * |
Stronghold 4 for Red Hat Enterprise Linux | RedHat | stronghold-apache | * |
Stronghold 4 for Red Hat Enterprise Linux | RedHat | stronghold-mod_ssl | * |
Stronghold 4 for Red Hat Enterprise Linux | RedHat | stronghold-php | * |
Apache | Ubuntu | dapper | * |
Apache | Ubuntu | edgy | * |
Apache | Ubuntu | feisty | * |