CVE-2010-2791

CVE-2010-2791 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.

Learn more about our Cis Benchmark Audit For Apache Http Server.