Netapp » Clustered Data Ontap : Security Vulnerabilities, CVEs, (Gain Privilege)
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.
Max CVSS
9.8
EPSS Score
1.82%
Published
2018-03-26
Updated
2022-09-07
CVE-2015-7871
Public exploit
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
Max CVSS
9.8
EPSS Score
97.02%
Published
2017-08-07
Updated
2021-04-13
2 vulnerabilities found