Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Apache HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2010-0434 - Vulnerability Database
Apache HTTP Server

Apache HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2010-0434

Medium
Reference: CVE-2010-0434
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2010-0434
Title: Apache HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15 when a multithreaded MPM is used does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.