Bug#230999: [CAN-2003-0987] mod_digest for Apache does not properly verify the nonce of a client response by using a AuthNonce secret.

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#230999: [CAN-2003-0987] mod_digest for Apache does not properly verify the nonce of a client response by using a AuthNonce secret.
From: "J.H.M. Dassen (Ray)" <fsmla@xinara.org>
Date: Tue, 3 Feb 2004 22:37:33 +0100
Message-id: <[🔎] 20040203213733.GA4791@xinara.org>
Reply-to: "J.H.M. Dassen (Ray)" <fsmla@xinara.org>, 230999@bugs.debian.org

Package: apache
Version: 1.3.29.0.1-5
Severity: grave
Tags: security patch

Candidate: CAN-2003-0987
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987
Phase: Assigned (20031216)
Category: SF
Reference:
CONFIRM:http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html
Reference:
CONFIRM:http://www.mail-archive.com/dev@httpd.apache.org/msg19014.html

mod_digest for Apache does not properly verify the nonce of a client
response by using a AuthNonce secret.


Current Votes:
None (candidate not yet proposed)

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.25-pre8
Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1
-- 
Obsig: developing a new sig

Reply to:

Follow-Ups:
- Bug#230999: [CAN-2003-0987] mod_digest for Apache does not properly verify the nonce of a client response by using a AuthNonce secret.
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Processed: Re: Bug#230991: apache: Init script doesn't set PATH
Next by Date: New Casino : Get $120 Free from Diamond Casino
Previous by thread: Re: Bug#228791: apache: modules-config name and/or location too general
Next by thread: Bug#230999: [CAN-2003-0987] mod_digest for Apache does not properly verify the nonce of a client response by using a AuthNonce secret.
Index(es):
- Date
- Thread