Description
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
Remediation
References
Related Vulnerabilities
WordPress Plugin Google XML Sitemaps Cross-Site Scripting (4.0.9)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2081)
SharePoint Out-of-bounds Write Vulnerability (CVE-2021-1715)
WordPress Plugin WP Last Modified Info Cross-Site Scripting (1.6.5)
IBM WebSEAL Missing Authorization Vulnerability (CVE-2019-4158)