CVE-2010-2791
published 2010-08-05CVE-2010-2791: mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a…
medium5CVSS 3.1
AVNACLAuNCPINAN
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | — | — |
| apache | httpd | — | — |
| debian | apache2 | < apache2 2.2.9-10 (bookworm) | apache2 2.2.9-10 (bookworm) |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM