Description
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
Remediation
References
Related Vulnerabilities
WordPress Plugin Site Reviews CSV Injection (6.2.0)
Oracle HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-25314)
WordPress Plugin Exxp Cross-Site Scripting (2.6.8)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2354)
WordPress Plugin WPQA-Builder forms Addon For WordPress Insecure Direct Object Reference (5.9.2)