CVE-2010-2791
Publication date 5 August 2010
Last updated 24 July 2024
Ubuntu priority
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
Status
Package | Ubuntu Release | Status |
---|---|---|
apache2 | ||
Notes
mdeslaur
only affected 2.2.9...got fixed in 2.2.10 introduced in http://svn.apache.org/viewvc?view=revision&revision=660936
Patch details
Package | Patch details |
---|---|
apache2 |