The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x prior to 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote malicious users to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
Vulnerable Product |
---|
apache http server |
fedoraproject fedora 11 |
fedoraproject fedora 13 |
debian debian linux 5.0 |
debian debian linux 6.0 |