The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x prior to 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote malicious users to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server 2.4.0 |
||
apache http server 2.4.1 |
||
apache http server 2.4.2 |