Bug 430529 (CVE-2003-0987)

Summary: CVE-2003-0987 httpd mod_digest nonce not verified
Product: [Other] Security Response Reporter: Mark J. Cox <mjc>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: jorton
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2003-0987
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-12-21 22:55:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 137419    
Bug Blocks:    

Description Mark J. Cox 2008-01-28 16:29:59 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2003-0987 to the following vulnerability:

mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.

References:

http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html
http://www.mail-archive.com/dev@httpd.apache.org/msg19014.html
http://www.mandriva.com/security/advisories?name=MDKSA-2004:046
http://www.redhat.com/support/errata/RHSA-2004-600.html
http://www.redhat.com/support/errata/RHSA-2005-816.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
http://www.trustix.org/errata/2004/0027
http://marc.theaimsgroup.com/?l=bugtraq&m=108437852004207&w=2
http://security.gentoo.org/glsa/glsa-200405-22.xml
http://www.securityfocus.com/bid/9571
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4416
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100108
http://securitytracker.com/id?1008920
http://xforce.iss.net/xforce/xfdb/15041
Comment 1 Mark J. Cox 2008-01-28 16:30:43 UTC 
The mod_digest module does not properly verify the nonce of a client
response by using a AuthNonce secret. This could allow a malicious
user who is able to sniff network traffic to conduct a replay attack
against a website using Digest protection. Note that mod_digest
implements an older version of the MD5 Digest Authentication
specification, which is known not to work with modern browsers. This
issue does not affect mod_auth_digest.
(CAN-2003-0987).
Comment 2 Vincent Danen 2010-12-21 22:55:25 UTC 
This was addressed via:

Red Hat Enterprise Linux version 2.1 (RHSA-2004:600/0
Red Hat Stronghold 4 (RHSA-2004:653)
Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) (RHSA-2005:816)