CVE-2004-1082

mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

Published: 2004-02-03 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2004-1082 is rated Moderate Risk (61.8/100): CVSS High severity, with high exploitation likelihood (EPSS 5.65%, 90th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2004-1082

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-03-16 5.47% 5.65% +0.18%
2 2025-12-28 5.08% 5.47% +0.39%
3 2025-12-27 5.08%

Full EPSS history (13 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2004-1082

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.5 2.0 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
 10.0 6.4 [email protected]

Weakness enumeration for CVE-2004-1082

Affected software / configurations for CVE-2004-1082

Vendor Product Version Raw CPE
apache http_server 1.3 cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
apache http_server 1.3.1 cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
apache http_server 1.3.3 cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
apache http_server 1.3.4 cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
apache http_server 1.3.6 cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
apache http_server 1.3.7 cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:*
apache http_server 1.3.9 cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
apache http_server 1.3.11 cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
apache http_server 1.3.12 cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
apache http_server 1.3.14 cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
apache http_server 1.3.17 cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
apache http_server 1.3.18 cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
apache http_server 1.3.19 cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
apache http_server 1.3.20 cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
apache http_server 1.3.22 cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
apache http_server 1.3.23 cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
apache http_server 1.3.24 cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
apache http_server 1.3.25 cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
apache http_server 1.3.26 cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
apache http_server 1.3.27 cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*
apache http_server 1.3.28 cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*
apache http_server 1.3.29 cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*
apple apache_mod_digest_apple cpe:2.3:a:apple:apache_mod_digest_apple:*:*:*:*:*:*:*:*
avaya communication_manager 1.1 cpe:2.3:a:avaya:communication_manager:1.1:*:*:*:*:*:*:*
avaya communication_manager 1.3.1 cpe:2.3:a:avaya:communication_manager:1.3.1:*:*:*:*:*:*:*
avaya communication_manager 2.0 cpe:2.3:a:avaya:communication_manager:2.0:*:*:*:*:*:*:*
avaya communication_manager 2.0.1 cpe:2.3:a:avaya:communication_manager:2.0.1:*:*:*:*:*:*:*
avaya intuity_audix_lx cpe:2.3:a:avaya:intuity_audix_lx:*:*:*:*:*:*:*:*
hp virtualvault 4.5 cpe:2.3:a:hp:virtualvault:4.5:*:*:*:*:*:*:*
hp virtualvault 4.6 cpe:2.3:a:hp:virtualvault:4.6:*:*:*:*:*:*:*
hp virtualvault 4.7 cpe:2.3:a:hp:virtualvault:4.7:*:*:*:*:*:*:*
hp webproxy a.02.00 cpe:2.3:a:hp:webproxy:a.02.00:*:*:*:*:*:*:*
hp webproxy a.02.10 cpe:2.3:a:hp:webproxy:a.02.10:*:*:*:*:*:*:*
ibm http_server 1.3.19 cpe:2.3:a:ibm:http_server:1.3.19:*:*:*:*:*:*:*
avaya mn100 cpe:2.3:a:avaya:mn100:*:*:*:*:*:*:*:*
avaya network_routing cpe:2.3:a:avaya:network_routing:*:*:*:*:*:*:*:*
avaya modular_messaging_message_storage_server 1.1 cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*
avaya modular_messaging_message_storage_server 2.0 cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*
openbsd openbsd 3.4 cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*
openbsd openbsd 3.5 cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*
openbsd openbsd current cpe:2.3:o:openbsd:openbsd:current:*:*:*:*:*:*:*
sco openserver 5.0.6 cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*
sco openserver 5.0.7 cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*
sun solaris 8.0 cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
sun solaris 9.0 cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
sun solaris 9.0 cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*
sun sunos 5.8 cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*

References for CVE-2004-1082

cvelogic Threat Intelligence