5

CVE-2010-2068

mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version2.2.9
   IbmOs2
   MicrosoftWindows
   NovellNetware
ApacheHTTP Server Version2.2.10
   IbmOs2
   MicrosoftWindows
   NovellNetware
ApacheHTTP Server Version2.2.11
   IbmOs2
   MicrosoftWindows
   NovellNetware
ApacheHTTP Server Version2.2.12
   IbmOs2
   MicrosoftWindows
   NovellNetware
ApacheHTTP Server Version2.2.13
   IbmOs2
   MicrosoftWindows
   NovellNetware
ApacheHTTP Server Version2.2.14
   IbmOs2
   MicrosoftWindows
   NovellNetware
ApacheHTTP Server Version2.2.15
   IbmOs2
   MicrosoftWindows
   NovellNetware
ApacheHTTP Server Version2.3.4 Updatealpha
   IbmOs2
   MicrosoftWindows
   NovellNetware
ApacheHTTP Server Version2.3.5 Updatealpha
   IbmOs2
   MicrosoftWindows
   NovellNetware
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 16% 0.965
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
http://httpd.apache.org/security/vulnerabilities_22.html
Patch
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://secunia.com/advisories/41480
http://secunia.com/advisories/41490
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://mail-archives.apache.org/mod_mbox/httpd-announce/201006.mbox/%3C4C12933D.4060400%40apache.org%3E
http://marc.info/?l=apache-announce&m=128009718610929&w=2
http://secunia.com/advisories/40206
Vendor Advisory
http://secunia.com/advisories/40824
http://secunia.com/advisories/41722
http://securitytracker.com/id?1024096
http://support.apple.com/kb/HT4581
http://www-01.ibm.com/support/docview.wss?uid=nas352ca0ac9460f9b8886257777005dd0e4
http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch
Patch
http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch
Patch
http://www.ibm.com/support/docview.wss?uid=swg1PM16366
http://www.securityfocus.com/archive/1/511809/100/0/threaded
http://www.securityfocus.com/bid/40827
http://www.vupen.com/english/advisories/2010/1436
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/59413
https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11491
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6931