Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
httpdApache Team FoundationHTTPD:7481E0764EEF83C3CBB922EDE395E552
HistoryJul 23, 2010 - 12:00 a.m.

Apache Httpd < 2.2.10 : Timeout detection flaw (mod_proxy_http)

2010-07-2300:00:00
Apache Team Foundation
httpd.apache.org
9

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.7%

JSON

An information disclosure flaw was found in mod_proxy_http in version 2.2.9 only, on Unix platforms. Under certain timeout conditions, the server could return a response intended for another user. Only those configurations which trigger the use of proxy worker pools are affected. There was no vulnerability on earlier versions, as proxy pools were not yet introduced. The simplest workaround is to globally configure:
SetEnv proxy-nokeepalive 1

CPENameOperatorVersion
apache httpdeq2.2.9

Related

openvas 11
veracode 1
nessus 9
securityvulns 3
cve 1
f5 2
ubuntucve 1
debiancve 1
oraclelinux 1
seebug 1
prion 1
redhat 1
centos 1
gentoo 1
oracle 1
openvas
openvas
Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
2010-10-19 00:00:00
Apache HTTP Server 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
2010-10-19 00:00:00
F5 BIG-IP - Apache HTTPD vulnerability CVE-2010-2791 and CVE-2010-2068
2016-01-05 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:47:09
nessus
nessus
F5 Networks BIG-IP : Apache HTTPD vulnerability (K23332326)
2015-12-30 00:00:00
Apache < 2.2.10 Multiple Vulnerabilities
2008-10-21 00:00:00
Scientific Linux Security Update : httpd on SL5.x i386/x86_64
2012-08-01 00:00:00
securityvulns
securityvulns
Apache mod_proxy_http information leak
2010-08-19 00:00:00
[ MDVSA-2010:153 ] apache
2010-08-19 00:00:00
Oracle / Sun / MySQL / PeopleSoft multiple applications security vulnerabilities
2013-05-04 00:00:00
cve
cve
CVE-2010-2791
2010-08-05 18:17:00
f5
f5
SOL23332326 - Apache HTTPD vulnerability CVE-2010-2791
2015-12-29 00:00:00
K23332326 : Apache HTTPD vulnerability CVE-2010-2791
2015-12-29 00:00:00
ubuntucve
ubuntucve
CVE-2010-2791
2010-08-05 00:00:00
debiancve
debiancve
CVE-2010-2791
2010-08-05 18:17:00
oraclelinux
oraclelinux
httpd security and bug fix update
2010-08-30 00:00:00
seebug
seebug
Unix平台Apache mod_proxy_http模块超时处理信息泄露漏洞
2010-08-03 00:00:00
prion
prion
Design/Logic Flaw
2010-08-05 18:17:00
redhat
redhat
(RHSA-2010:0659) Moderate: httpd security and bug fix update
2010-08-30 00:00:00
centos
centos
httpd, mod_ssl security update
2010-08-31 21:00:21
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2012-06-24 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2013
2013-04-16 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.7%

JSON
Related for HTTPD:7481E0764EEF83C3CBB922EDE395E552
openvas11veracode1nessus9securityvulns3cve1f52ubuntucve1debiancve1oraclelinux1seebug1prion1redhat1centos1gentoo1oracle1