`CVE List
`CNAs
`Board
`MVO
`News & Blog
`Go to for:
`CVSS Scores
`CPE Info
`Advanced Search
`
`1 - 3
`
`About
`
`3
`
`3
`
`Common Vulnerabilities and Exposures
`
`Full-Screen View
`
`CVE-2018-1312 Learn more at National Vulnerability Database (NVD).
`• CVSS Severity Rating • Fix Information • Vulnerable Software
`Versions • SCAP Mappings • CPE Information
`
`In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge,
`the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random
`seed. In a cluster of servers using a common Digest authentication configuration, HTTP
`requests could be replayed across servers by an attacker without detection.
`
`_.;iimi =Illi..=,
`Note: References are provided for the convenience of the reader to help distinguish between
`vulnerabilities. The list is not intended
`to be complete.
`
`• MLIST:[oss-security] 20180323 CVE-2018-1312: Weak Digest auth nonce generation in
`mod_auth_digest
`• URL:http://www.openwall.com/lists/oss-security/2018/03/24/7
`• MLIST:[debian-Its-announce] 20180530 [SECURITY] [DLA 1389-1] apache2 security
`update
`• URL:https://lists.debian.org/debian-Its-announce/2018/05/msg00020.html
`• CONFIRM:https://httpd.apache.org/security/vulnerabilities 24.html
`• CONFIRM:https://security.netapp.com/advisory/ntap-20180601-0004/
`• DEBIAN:DSA-4164
`• URL:https://www.debian.org/security/2018/dsa-4164
`• REDHAT:RHSA-2018:3558
`• URL:https://access.redhat.com/errata/RHSA-2018:3558
`• UBUNTU:USN-3627-1
`• URL:https://usn.ubuntu.com/3627-1/
`• UBUNTU:USN-3627-2
`• URL:https://usn.ubuntu.com/3627-2/
`• BID:103524
`• URL:http://www.securityfocus.com/bid/103524
`• SECTRACK: 1040571
`• URL: http://www.securitytracker.com/id/1040571
`
`Apache Software Foundation
`
`WIZ, Inc. EXHIBIT - 1102
`WIZ, Inc. v. Orca Security LTD.
`
`
`
`Disclaimer: The entry creation date may reflect when the CVE
`ID was allocated or reserved, and does not necessarily indicate
`when this vulnerability was discovered, shared with the affected
`vendor, publicly disclosed, or updated in CVE.
`
`de Entry Created
`20171207
`
`%ACP f I canary'
`
`Assigned (20171207)
`
`--losed (Legacy)
`N/A
`
`This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity
`vulnerabilities.
`
`SEARCH CVE USING KEYWORDS:
`using the CVE Reference Maps.
`You can also search by reference
`
`Submit
`
`For More Information: cve@mitre.org.
`
`
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
