ELSA-2019-1898

Опубликовано: 30 июл. 2019

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2019-1898: httpd security update (LOW)

[2.4.6-89.0.1]

replace index.html with Oracle's index page oracle_index.html

[2.4.6-89.1]

Resolves: #1719722 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

httpd

2.4.6-89.0.1.el7_6.1

httpd-devel

2.4.6-89.0.1.el7_6.1

httpd-manual

2.4.6-89.0.1.el7_6.1

httpd-tools

2.4.6-89.0.1.el7_6.1

mod_ldap

2.4.6-89.0.1.el7_6.1

mod_proxy_html

2.4.6-89.0.1.el7_6.1

mod_session

2.4.6-89.0.1.el7_6.1

mod_ssl

2.4.6-89.0.1.el7_6.1

Oracle Linux x86_64

httpd

2.4.6-89.0.1.el7_6.1

httpd-devel

2.4.6-89.0.1.el7_6.1

httpd-manual

2.4.6-89.0.1.el7_6.1

httpd-tools

2.4.6-89.0.1.el7_6.1

mod_ldap

2.4.6-89.0.1.el7_6.1

mod_proxy_html

2.4.6-89.0.1.el7_6.1

mod_session

2.4.6-89.0.1.el7_6.1

mod_ssl

2.4.6-89.0.1.el7_6.1

Связанные CVE

CVE-2018-1312

Ссылки на источники

Связанные уязвимости

CVE-2018-1312

CVSS3: 9.8

ubuntu

почти 8 лет назад

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.