List: oss-security
Subject: [oss-security] CVE-2010-2791: mod_proxy information leak affecting 2.2.9 only
From: Joe Orton <jorton () redhat ! com>
Date: 2010-07-30 15:15:09
Message-ID: 20100730151509.GD4125 () redhat ! com
Jeremy Sowden discovered an information leak in mod_proxy affecting
httpd version 2.2.9 only. If a timeout occurred reading a response from
a backend on a persistent connection, the backend connection was not
closed. The response could subsequently be read and delivered to an
unrelated client.

This issue has been assigned CVE name CVE-2010-2791, and is equivalent
to CVE-2010-2068 (fixed in 2.2.16) but affects httpd on Unix. The bug
was fixed* in 2.2.10 but the security impact was not known at the time.
I'll update http://httpd.apache.org/security/vulnerabilities_22.html to
reflect this shortly.

Regards, Joe

* fix for 2.2.x branch: http://svn.apache.org/viewvc?rev=699841&view=rev
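
Added example, not part of the original message and not httpd code: a small Python simulation of the condition described above, where a backend connection that timed out is reused from a pool and its late response reaches the next client. All class, function and string names are hypothetical, and the in-memory backend and requests are constructed for illustration.

```python
from collections import deque

class BackendConn:
    """In-memory stand-in for one persistent backend connection."""
    def __init__(self):
        self.pending = deque()  # (delay, body) answers the backend will write
        self.closed = False

    def send(self, request, delay):
        # The backend answers every request; delay is how late the answer is.
        self.pending.append((delay, "response-for:" + request))

    def recv(self, timeout):
        delay, body = self.pending[0]
        if delay > timeout:
            # The answer is still in flight and arrives on this socket later.
            self.pending[0] = (0, body)
            raise TimeoutError
        self.pending.popleft()
        return body

class Proxy:
    def __init__(self, close_on_timeout):
        self.close_on_timeout = close_on_timeout
        self.pool = []  # idle persistent connections

    def handle(self, client, request, delay=0, timeout=5):
        conn = self.pool.pop() if self.pool else BackendConn()
        conn.send(request, delay)
        try:
            body = conn.recv(timeout)
        except TimeoutError:
            if self.close_on_timeout:
                conn.closed = True      # safe: connection is discarded
            else:
                self.pool.append(conn)  # flawed: late answer stays queued
            return (client, "error: backend timeout")
        self.pool.append(conn)
        return (client, body)

def demo(close_on_timeout):
    """Slow request from one client, then a fast one from another."""
    proxy = Proxy(close_on_timeout)
    first = proxy.handle("alice", "GET /account/alice", delay=10)
    second = proxy.handle("bob", "GET /public")
    return first, second

if __name__ == "__main__":
    print("reuse after timeout:", demo(close_on_timeout=False))
    print("close on timeout:   ", demo(close_on_timeout=True))
```
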