Description

mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.

Remediation

References

CVE-2010-2791

Related Vulnerabilities

MySQL CVE-2016-9841 Vulnerability (CVE-2016-9841)

WordPress Plugin WP Post to PDF Enhanced Cross-Site Scripting (1.0.5)

Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.9)

MySQL CVE-2020-2573 Vulnerability (CVE-2020-2573)

Drupal Core 7.x Security Bypass (7.0 - 7.43)

Severity

Medium

Classification

CVE-2010-2791 CWE-200

Tags

Missing Update Known Vulnerabilities