Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-3502
Last Modified: 18 Apr 2013 11:23:43
Published: 22 Aug 2012 03:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-3502

Summary

The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.

Vulnerable Systems

Application

  • Apache HTTP Server 2.4.0

  • Apache HTTP Server 2.4.1

  • Apache HTTP Server 2.4.2


References

CONFIRM - http://www.apache.org/dist/httpd/CHANGES_2.4.3

MLIST - [announce] 20120821 [ANNOUNCEMENT] Apache HTTP Server 2.4.3 Released

CONFIRM - http://httpd.apache.org/security/vulnerabilities_24.html

BID - 55131


Last Updated: 27 May 2016 11:00:18