← back
CVE-2010-2068

CVE-2010-2068

EPSS 16.0%
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://httpd.apache.org/security/vulnerabilities_22.htmlhttp://lists.apple.com/archives/security-announce/2011/Mar/msg00006.htmlhttp://mail-archives.apache.org/mod_mbox/httpd-announce/201006.mbox/%3C4C12933D.4060400%40apache.org%3Ehttp://marc.info/?l=apache-announce&m=128009718610929&w=2http://secunia.com/advisories/40206http://secunia.com/advisories/40824http://secunia.com/advisories/41480http://secunia.com/advisories/41490http://secunia.com/advisories/41722http://securitytracker.com/id?1024096https://exchange.xforce.ibmcloud.com/vulnerabilities/59413https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E