TTCSIRT-204.040919: TT-CSIRT Advisory – Apache Security Updates

TTCSIRT-204.040919: TT-CSIRT Advisory – Apache Security Updates

Apache has released a security update stating that in Apache HTTP Server 2.4 releases, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

Further information on this vulnerability and how it can be mitigated can be found on the Apache Website at https://httpd.apache.org/security/vulnerabilities_24.html