CVE-2010-2791
httpd: Reverse proxy sends wrong responses after time-outs
Public Exploits: 0
Exploited in Wild: -
Descriptions
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
Timeline
- 2010-07-22 CVE Reserved
- 2010-08-05 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (23)
URL | Date | SRC |
---|---|---|
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | 2023-11-07 | |
http://www.redhat.com/support/errata/RHSA-2010-0659.html | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2010-2791 | 2010-08-30 | |
https://bugzilla.redhat.com/show_bug.cgi?id=617523 | 2010-08-30 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Http Server | 2.2.9 | - | Affected |
in Unix | Unix | * | - | Safe |