Description
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
Remediation
References
Related Vulnerabilities
PHP Out-of-bounds Read Vulnerability (CVE-2016-9935)
WordPress Plugin WP Visitor Statistics (Real Time Traffic) Unspecified Vulnerability (4.8)
WordPress Plugin Portable phpMyAdmin Authentication Bypass (1.3.0)
WordPress Plugin PDW Media File Browser 'upload.php' Arbitrary File Upload (1.1)
WordPress Plugin Facebook Promotion Generator for WordPress 'fbActivate.php' SQL Injection (1.3.3)