Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2018-1312

Description

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.

POC

Reference

No PoCs from references.

Github

- https://github.com/28d33/Security_Assessment

- https://github.com/ARPSyndicate/cvemon

- https://github.com/AlanShami/Red-Team-vs-Blue-Team-Project

- https://github.com/Chad-Atkinson/Red-vs-Blue-team-project

- https://github.com/ChadSWilliamson/Red-vs.-Blue-Project

- https://github.com/NeoOniX/5ATTACK

- https://github.com/PawanKumarPandit/Shodan-nrich

- https://github.com/RoseSecurity-Research/Red-Teaming-TTPs

- https://github.com/RoseSecurity/Red-Teaming-TTPs

- https://github.com/SamGeron/Red-Team-vs-Blue-Team

- https://github.com/Samaritin/OSINT

- https://github.com/SecureAxom/strike

- https://github.com/ShattenJager81/Cyber-2

- https://github.com/Xorlent/Red-Teaming-TTPs

- https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network

- https://github.com/azuax/check-cves.py

- https://github.com/bartholomex-x/nrich

- https://github.com/bioly230/THM_Skynet

- https://github.com/firatesatoglu/shodanSearch

- https://github.com/hrbrmstr/internetdb

- https://github.com/intrigueio/intrigue-ident

- https://github.com/kabir0104k/ethan

- https://github.com/lekctut/sdb-hw-13-01

- https://github.com/pedr0alencar/vlab-metasploitable2

- https://github.com/retr0-13/nrich

- https://github.com/rnbochsr/yr_of_the_jellyfish

- https://github.com/rochoabanuelos/Red-Team-vs-Blue-Team-Analysis

- https://github.com/shamsulchowdhury/Unit-20-Project-2-Red-vs-Blue-Team

- https://github.com/syadg123/pigat

- https://github.com/teamssix/pigat

- https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough

- https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough

- https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough

- https://github.com/vshaliii/DC-3-Vulnhub-Walkthrough

- https://github.com/vshaliii/Funbox2-rookie

- https://github.com/xinity/shodan-nrich

- https://github.com/xxehacker/strike