Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3502


Vulnerability Score 4.3 4.3
CVE Id CVE-2012-3502
Last Modified 18 Apr 2013 11:23:43
Published 22 Aug 2012 03:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.

Vulnerable Systems


  • Apache Http Server 2.4.0

  • Apache Http Server 2.4.1

  • Apache Http Server 2.4.2



MLIST - [announce] 20120821 [ANNOUNCEMENT] Apache HTTP Server 2.4.3 Released


BID - 55131

Last Updated: 27 May 2016 11:00:18