6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
75.8%
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions. (CVE-2010-2791)
Impact
This vulnerability can allow the unauthorized disclosure of information.
Note: Themod_proxy module is present, but not directly used in a way that exposes this issue to an unauthenticated attacker. There is control plane exposure; however, there is no data plane exposure. This vulnerability is rated as a medium risk for the impacted BIG-IP versions.