5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
68.7%
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does
not close the backend connection if a timeout occurs when reading a
response from a persistent connection, which allows remote attackers to
obtain a potentially sensitive response intended for a different client in
opportunistic circumstances via a normal HTTP request. NOTE: this is the
same issue as CVE-2010-2068, but for a different OS and set of affected
versions.
Author | Note |
---|---|
mdeslaur | only affected 2.2.9…got fixed in 2.2.10 introduced in http://svn.apache.org/viewvc?view=revision&revision=660936 |