CVE-2007-1862
CVE-2007-1862
The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://bugs.gentoo.org/show_bug.cgi?id=186219http://httpd.apache.org/security/vulnerabilities_22.htmlhttp://issues.apache.org/bugzilla/show_bug.cgi?id=41551http://osvdb.org/38641http://people.apache.org/~covener/2.2.x-mod_memcache-poolmgmt.diffhttp://secunia.com/advisories/26273http://secunia.com/advisories/26842http://secunia.com/advisories/27563http://security.gentoo.org/glsa/glsa-200711-06.xmlhttps://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E