CVE-2012-3502

2012-08-22T19:55:00
ID CVE-2012-3502
Type cve
Reporter cve@mitre.org
Modified 2013-04-19T03:23:00

Description

The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.