CVE-2010-2791

Description

mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.

Affected packages (1)

• Debian/apache2from 0, < 2.2.9-10

References (1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-2791