Apache » Http Server : Security Vulnerabilities, CVEs, Published In 2012 (Information Leak)
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
Max CVSS
4.3
EPSS Score
0.26%
Published
2012-08-22
Updated
2021-06-06
1 vulnerabilities found