CVE-2010-2791

MEDIUM

Description

mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.

References

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.openwall.com/lists/oss-security/2010/07/30/1

http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

http://www.redhat.com/support/errata/RHSA-2010-0659.html

http://www.securityfocus.com/bid/42102

https://exchange.xforce.ibmcloud.com/vulnerabilities/60883

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2010-08-05

Updated: 2017-08-17

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 87660 | F5 Networks BIG-IP : Apache HTTPD vulnerability (K23332326) | Nessus | F5 Networks Local Security Checks | medium |
| 68091 | Oracle Linux 5 : httpd (ELSA-2010-0659) | Nessus | Oracle Linux Local Security Checks | medium |
| 67078 | CentOS 5 : httpd (CESA-2010:0659) | Nessus | CentOS Local Security Checks | medium |
| 60847 | Scientific Linux Security Update : httpd on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 59678 | GLSA-201206-25 : Apache HTTP Server: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 58811 | HP System Management Homepage < 7.0 Multiple Vulnerabilities | Nessus | Web Servers | critical |
| 48934 | RHEL 5 : httpd (RHSA-2010:0659) | Nessus | Red Hat Local Security Checks | medium |
| 48347 | Mandriva Linux Security Advisory : apache (MDVSA-2010:153) | Nessus | Mandriva Local Security Checks | medium |
| 4712 | Apache < 2.2.10 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |