Information disclosure in Apache Http_server

CVE-2010-2068

mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which…

Vulnerability class: Information Disclosure

EPSS: 0.085 (92.5th percentile) — read the EPSS interpretation.

Affected products

Apache Http_server — versions 2.2.13, 2.2.15, 2.2.11
Ibm Os2
Microsoft Windows
Novell Netware
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

ADV-2010-1436 (Patch, vdb-entry, x_refsource_VUPEN, Vendor Advisory)
[httpd-announce] 20100611 [advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068 (mailing-list, x_refsource_MLIST)
oval:org.mitre.oval:def:6931 (x_refsource_OVAL, signature, vdb-entry)
40824 (x_refsource_SECUNIA, third-party-advisory)
oval:org.mitre.oval:def:11491 (x_refsource_OVAL, signature, vdb-entry)
20100611 [advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068 (mailing-list, x_refsource_BUGTRAQ)
41722 (x_refsource_SECUNIA, third-party-advisory)
SI4053 (vendor-advisory, x_refsource_AIXAPAR)
secalert@redhat.com (x_refsource_CONFIRM)
APPLE-SA-2011-03-21-1 (vendor-advisory, x_refsource_APPLE)