CVE-2010-0434
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.Enginsight
Vendor | Product | Version |
---|---|---|
apache | http_server | 2.0.35 ≤ 𝑥 < 2.0.64 |
apache | http_server | 2.2.0 ≤ 𝑥 < 2.2.15 |
debian | debian_linux | 5.0 |
debian | debian_linux | 6.0 |
Debian Releases
Ubuntu Releases
Common Weakness Enumeration