Primary

Context

Apache HTTP Server Digest Authentication Bypass Vulnerability Timing Attack

Vulnerability

Patched

A timing attack vulnerability has been identified in the mod_auth_digest module of Apache HTTP Server versions through 2.4.66. This vulnerability allows a remote attacker to bypass Digest authentication. The issue arises from the way authentication timing is handled, creating a potential window for exploitation.

Impact

Exploitation of this vulnerability allows for bypassing Digest authentication, potentially leading to unauthorized access.

Remediation

Users are advised to upgrade to Apache HTTP Server version 2.4.67, which addresses this vulnerability.

Added: May 4, 2026, 3:21 PM

Updated: May 4, 2026, 3:21 PM

Vulnerability Rating

Custom Algorithm

spread

9.4

impact

5.0

exploitability

7.6

remediation

7.7

relevance

7.0

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.4

impact

5.0

exploitability

7.6

remediation

7.7

relevance

7.0

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache HTTP Server Digest Authentication Bypass Vulnerability Timing Attack

Vulnerability

Impact

Remediation

Affected Products

Apache HTTP Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating