The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
http://bugs.gentoo.org/show_bug.cgi?id=186219
http://httpd.apache.org/security/vulnerabilities_22.html
http://issues.apache.org/bugzilla/show_bug.cgi?id=41551
http://people.apache.org/~covener/2.2.x-mod_memcache-poolmgmt.diff
http://secunia.com/advisories/26273
http://secunia.com/advisories/26842
http://secunia.com/advisories/27563
http://security.gentoo.org/glsa/glsa-200711-06.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:127
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html