TTCSIRT-204.040919: TT-CSIRT Advisory – Apache Security Updates
Apache has released a security update stating that in Apache HTTP Server 2.4 releases, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
| Further information on this vulnerability and how it can be mitigated can be found on the Apache Website at https://httpd.apache.org/security/vulnerabilities_24.html |
