Vulnerability identifier: #VU11279
Vulnerability risk: Low
Exploitation vector: Network
Exploit availability: No
Vendor: Apache Foundation
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists in Apache HTTPD mod_auth_digest due to improper generation of HTTP Digest authentication nonce. A remote attacker can replay HTTP requests across the cluster without detection by the target server(s) and bypass replay protection.
Update to version 2.4.32.
Vulnerable software versions
Apache HTTP Server: 2.4.1 - 2.4.29
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?