Description
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
Remediation
References
Related Vulnerabilities
WordPress Plugin Language Bar Flags Cross-Site Request Forgery (1.0.8)
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7950)
Joomla! Core 3.x.x Cross-Site Scripting (3.6.0 - 3.9.6)
WordPress Plugin WP Statistics Cross-Site Scripting (13.2.1)
Oracle JRE Incorrect Conversion between Numeric Types Vulnerability (CVE-2022-34169)