Description
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
Remediation
References
Related Vulnerabilities
Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-22881)
WordPress Plugin Light Post 'abspath' Parameter Remote File Include (1.4)
Dolibarr Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2021-25957)
Moodle Credentials Management Errors Vulnerability (CVE-2011-4587)