4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
65.7%
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module
and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP
Server 2.4.x before 2.4.3 does not properly determine the situations that
require closing a back-end connection, which allows remote attackers to
obtain sensitive information in opportunistic circumstances by reading a
response that was intended for a different client.
Author | Note |
---|---|
sbeattie | 2.4.x only |