CVE-2010-2068
Published Jun 18, 2010
Last updated 2 years ago
Overview
- Description
- mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Evaluator
- Comment
- -
- Impact
- Per: http://httpd.apache.org/security/vulnerabilities_22.html 'Only Windows, Netware and OS2 operating systems are affected.'
- Solution
- Per: http://httpd.apache.org/security/vulnerabilities_22.html 'Only Windows, Netware and OS2 operating systems are affected.'
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB63EBE5-CF14-491E-ABA5-67116DFE3E5B"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C2A33DE-F55F-4FD8-BB00-9C1E006CA65C"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1CF6394-95D9-42AF-A442-385EFF9CEFE1"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02B629FB-88C8-4E85-A137-28770F1E524E"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03550EF0-DF89-42FE-BF0E-994514EBD947"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4886CCAB-6D4E-45C7-B177-2E8DBEA15531"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C35631AC-7C35-4F6A-A95A-3B080E5210ED"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.3.4:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0783256B-6C37-4679-AECD-35B125037DE7"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.3.5:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A1BA6174-944B-4DBD-B5C3-5820A17E334C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "AD5511BD-2A41-4FF6-BD3F-9448F3F8AC90"
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
},
{
"criteria": "cpe:2.3:o:novell:netware:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BF45C68A-5F83-4090-A0C1-A09EC2987706"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]