Lucene search

K
cvelistApacheCVELIST:CVE-2019-0217
HistoryApr 08, 2019 - 8:11 p.m.

CVE-2019-0217

2019-04-0820:11:20
apache
www.cve.org

7.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.8%

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

CNA Affected

[
  {
    "product": "Apache HTTP Server",
    "vendor": "Apache",
    "versions": [
      {
        "status": "affected",
        "version": "2.4.0 to 2.4.38"
      }
    ]
  }
]

References