CVE-2019-0217

Priority
Description
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in
mod_auth_digest when running in a threaded server could allow a user with
valid credentials to authenticate using another username, bypassing
configured access control restrictions.
Assigned-to
mdeslaur
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (2.2.22-1ubuntu1.15)
Ubuntu 14.04 ESM (Trusty Tahr):released (2.4.7-1ubuntu4.22)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.4.18-2ubuntu3.10)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.4.29-1ubuntu4.6)
Patches:
Upstream:https://github.com/apache/httpd/commit/44b3ddc560c490c60600998fa2bf59b142d08e05
More Information

Updated: 2020-03-18 22:53:39 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)