Описание
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.4.29-1ubuntu4.6 |
| cosmic | released | 2.4.34-1ubuntu2.1 |
| devel | released | 2.4.38-2ubuntu2 |
| esm-infra-legacy/trusty | released | 2.4.7-1ubuntu4.22 |
| esm-infra/bionic | released | 2.4.29-1ubuntu4.6 |
| esm-infra/xenial | released | 2.4.18-2ubuntu3.10 |
| precise/esm | not-affected | 2.2.22-1ubuntu1.15 |
| trusty | released | 2.4.7-1ubuntu4.22 |
| trusty/esm | released | 2.4.7-1ubuntu4.22 |
| upstream | needs-triage |
Показывать по
6 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition i ...
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
Уязвимость компонента mod_auth_digest веб-сервера Apache HTTP Server, позволяющая нарушителю проходить аутентификацию, используя другое имя пользователя
6 Medium
CVSS2
7.5 High
CVSS3