ALPINE-CVE-2018-1312
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 26 Mar 2018, 15:29
Last modified:03 Dec 2025, 22:41
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.8 CRITICAL
3.1 (osv_alpine)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
26 Mar 2018, 15:29
Published
Vulnerability first disclosed
03 Dec 2025, 22:41
Last Modified
Vulnerability information updated
Description
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.
CVSS Metrics
- v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Systems
- alpine•apache2
< 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0