Government of the Republic of Trinidad and Tobago                                                                                                                                        


News

TTCSIRT-204.040919: TT-CSIRT Advisory – Apache Security Updates

8th April 2019

Apache has released a security update stating that in Apache HTTP Server 2.4 releases, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

Further information on this vulnerability and how it can be mitigated can be found on the Apache Website at https://httpd.apache.org/security/vulnerabilities_24.html