Bug#230999: [CAN-2003-0987] mod_digest for Apache does not properly verify the nonce of a client response by using an AuthNonce secret.
On Tue, Feb 03, 2004 at 10:37:33PM +0100, J.H.M. Dassen (Ray) wrote:
> Package: apache
> Version: 1.3.29.0.1-5
> Severity: grave
> Tags: security patch
>
> Candidate: CAN-2003-0987
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987
> Phase: Assigned (20031216)
> Category: SF
> Reference:
> CONFIRM:http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html
> Reference:
> CONFIRM:http://www.mail-archive.com/dev@httpd.apache.org/msg19014.html
>
> mod_digest for Apache does not properly verify the nonce of a client
> response by using an AuthNonce secret.
>
>
> Current Votes:
> None (candidate not yet proposed)
Can anyone explain the true impact of this bug? The fix looks rather
intrusive.
--
- mdz