mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
References
Configurations
Configuration 1 (hide)
AND |
|
History
13 Feb 2023, 04:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
06 Jun 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Jun 2021, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Mar 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Mar 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2010-06-18 16:30
Updated : 2023-12-10 11:03
NVD link : CVE-2010-2068
Mitre link : CVE-2010-2068
CVE.ORG link : CVE-2010-2068
JSON object : View
Products Affected
microsoft
- windows
novell
- netware
apache
- http_server
ibm
- os2
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor