Candidate: CVE-2012-3502
PublicDate: 2012-08-22 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3502
 https://issues.apache.org/bugzilla/show_bug.cgi?id=53727
Description:
 The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module
 and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP
 Server 2.4.x before 2.4.3 does not properly determine the situations that
 require closing a back-end connection, which allows remote attackers to
 obtain sensitive information in opportunistic circumstances by reading a
 response that was intended for a different client.
Ubuntu-Description:
Notes:
 sbeattie> 2.4.x only
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_apache2:
upstream_apache2: released (2.4.3)
hardy_apache2: not-affected (2.4.x only)
lucid_apache2: not-affected (2.4.x only)
natty_apache2: not-affected (2.4.x only)
oneiric_apache2: not-affected (2.4.x only)
precise_apache2: not-affected (2.4.x only)
devel_apache2: not-affected (2.4.x only)