Apache HTTP Server Improper Authentication Vulnerability - CVE-2018-1312

In Apache httpd 2.2.0 to 2.4.29 when generating an HTTP Digest authentication challenge the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration HTTP requests could be replayed across servers by an attacker without detection.