Description

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

Remediation

References

CVE-2019-0217

Related Vulnerabilities

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Security Bypass (2.8.7)

WordPress Plugin Archivist-Custom Archive Templates Multiple Vulnerabilities (1.7.4)

WordPress Plugin Mikiurl WordPress Eklentisi Cross-Site Request Forgery (2.0)

OpenSSL Other Vulnerability (CVE-2006-7250)

Collabtive Improper Input Validation Vulnerability (CVE-2012-2670)

Severity

High

Classification

CVE-2019-0217 CWE-362 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities