Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Oracle HTTP Server Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) Vulnerability - CVE-2019-0217 - Vulnerability Database
Oracle HTTP Server

Oracle HTTP Server Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) Vulnerability - CVE-2019-0217

High
Reference: CVE-2019-0217
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-0217
Title: Oracle HTTP Server Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) Vulnerability
Overview:

In Apache HTTP Server 2.4 release 2.4.38 and prior a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username bypassing configured access control restrictions.