Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:20012
HistoryAug 03, 2010 - 12:00 a.m.

Unix平台Apache mod_proxy_http模块超时处理信息泄露漏洞

2010-08-0300:00:00
Root
www.seebug.org
54

0.006 Low

EPSS

Percentile

75.6%

JSON

BUGTRAQ ID: 42102
CVE(CAN) ID: CVE-2010-2791

Apache HTTP Server是一款流行的Web服务器。

Apache HTTP Server的mod_proxy_http模块中的mod_proxy_http.c文件没有正确地检测超时,在某些超时情况下服务器可能返回属于其他用户的响应,导致泄漏敏感信息。仅有可触发使用代理worker池的配置才受影响。

该漏洞与CVE-2010-2068中所述漏洞相同,但影响的是Unix系统上的httpd。

Apache 2.2.9
厂商补丁:

Apache Group

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://svn.apache.org/viewvc?view=revision&revision=699841

Related

f5 2
ubuntucve 2
debiancve 2
nessus 17
openvas 14
securityvulns 8
cve 2
prion 2
httpd 2
veracode 1
seebug 1
oraclelinux 1
redhat 1
centos 1
altlinux 3
gentoo 1
oracle 2
f5
f5
SOL23332326 - Apache HTTPD vulnerability CVE-2010-2791
2015-12-29 00:00:00
K23332326 : Apache HTTPD vulnerability CVE-2010-2791
2015-12-29 00:00:00
ubuntucve
ubuntucve
CVE-2010-2791
2010-08-05 00:00:00
CVE-2010-2068
2010-06-18 00:00:00
debiancve
debiancve
CVE-2010-2791
2010-08-05 18:17:00
CVE-2010-2068
2010-06-18 16:30:00
nessus
nessus
F5 Networks BIG-IP : Apache HTTPD vulnerability (K23332326)
2015-12-30 00:00:00
Oracle Linux 5 : httpd (ELSA-2010-0659)
2013-07-12 00:00:00
CentOS 5 : httpd (CESA-2010:0659)
2013-06-29 00:00:00
openvas
openvas
F5 BIG-IP - Apache HTTPD vulnerability CVE-2010-2791 and CVE-2010-2068
2016-01-05 00:00:00
Mandriva Update for apache MDVSA-2010:153 (apache)
2010-08-20 00:00:00
Mandriva Update for apache MDVSA-2010:153 (apache)
2010-08-20 00:00:00
securityvulns
securityvulns
Apache mod_proxy_http information leak
2010-08-19 00:00:00
[ MDVSA-2010:153 ] apache
2010-08-19 00:00:00
[advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068
2010-06-14 00:00:00
cve
cve
CVE-2010-2791
2010-08-05 18:17:00
CVE-2010-2068
2010-06-18 16:30:00
prion
prion
Design/Logic Flaw
2010-08-05 18:17:00
Design/Logic Flaw
2010-06-18 16:30:00
httpd
httpd
Apache Httpd < 2.2.10 : Timeout detection flaw (mod_proxy_http)
2010-07-23 00:00:00
Apache Httpd < 2.2.16 : Timeout detection flaw (mod_proxy_http)
2010-06-09 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:47:09
seebug
seebug
Apache mod_proxy_http模块超时处理信息泄露漏洞
2010-06-21 00:00:00
oraclelinux
oraclelinux
httpd security and bug fix update
2010-08-30 00:00:00
redhat
redhat
(RHSA-2010:0659) Moderate: httpd security and bug fix update
2010-08-30 00:00:00
centos
centos
httpd, mod_ssl security update
2010-08-31 21:00:21
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.2.16-alt1
2010-09-16 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.16-alt1
2010-09-16 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.16-alt1
2010-09-16 00:00:00
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2012-06-24 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2013
2013-04-16 00:00:00
Oracle Critical Patch Update - July 2013
2013-07-16 00:00:00

0.006 Low

EPSS

Percentile

75.6%

JSON
Related for SSV:20012
f52ubuntucve2debiancve2nessus17openvas14securityvulns8cve2prion2httpd2veracode1seebug1oraclelinux1redhat1centos1altlinux3gentoo1oracle2