A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
This flaw only affects a threaded server configuration, so using the prefork MPM is an effective mitigation. In versions of httpd package shipped with Red Hat Enterprise Linux 7, the prefork MPM is the default configuration.