Cybersecurity
DevOps Cloud
IT Operations Cloud
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.
OO does not use Apache httpd Webserver. It uses Apache Tomcat Webserver instead. OO is not vulnerable to this CVE.