The modules mod_proxy_ajp and mod_proxy_http did not always close the connection to the back end server when necessary as part of error handling. This could lead to an information disclosure due to a response mixup between users.
CPE | Name | Operator | Version |
---|---|---|---|
apache httpd | eq | 2.4.2 | |
apache httpd | eq | 2.4.1 |