Description
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
Remediation
References
Related Vulnerabilities
WordPress Plugin Profile Builder Pro SQL Injection (3.3.2)
Oracle Application Server Other Vulnerability (CVE-2002-0568)
WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (6.0.9)
Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2017-5650)
WordPress Plugin Stock market charts from finviz Cross-Site Scripting (1.0)