Bug#230999: [CAN-2003-0987] mod_digest for Apache does not properly verify the nonce of a client response by using a AuthNonce secret.
Package: apache
Version: 1.3.29.0.1-5
Severity: grave
Tags: security patch
Candidate: CAN-2003-0987
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987
Phase: Assigned (20031216)
Category: SF
Reference:
CONFIRM:http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html
Reference:
CONFIRM:http://www.mail-archive.com/dev@httpd.apache.org/msg19014.html
mod_digest for Apache does not properly verify the nonce of a client
response by using a AuthNonce secret.
Current Votes:
None (candidate not yet proposed)
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.25-pre8
Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1
--
Obsig: developing a new sig
Reply to: