CVE-2012-3502

Priority
Description
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module
and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP
Server 2.4.x before 2.4.3 does not properly determine the situations that
require closing a back-end connection, which allows remote attackers to
obtain sensitive information in opportunistic circumstances by reading a
response that was intended for a different client.
Notes
sbeattie2.4.x only
Package
Upstream:released (2.4.3)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (2.4.x only)
More Information

Updated: 2020-09-10 02:11:16 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)