Candidate: CVE-2010-2791
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2791
http://httpd.apache.org/security/vulnerabilities_22.html
http://www.openwall.com/lists/oss-security/2010/07/30/1
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does
not close the backend connection if a timeout occurs when reading a
response from a persistent connection, which allows remote attackers to
obtain a potentially sensitive response intended for a different client in
opportunistic circumstances via a normal HTTP request. NOTE: this is the
same issue as CVE-2010-2068, but for a different OS and set of affected
mdeslaur> only affected 2.2.9...got fixed in 2.2.10
mdeslaur> introduced in http://svn.apache.org/viewvc?view=revision&revision=660936
upstream: http://svn.apache.org/viewvc?view=revision&revision=699841
upstream_apache2: released (2.2.10)
dapper_apache2: not-affected (2.0.55-4ubuntu2.11)
hardy_apache2: not-affected (2.2.8-1ubuntu0.18)
jaunty_apache2: ignored (reached end-of-life)
karmic_apache2: not-affected (2.2.12-1ubuntu2.3)
lucid_apache2: not-affected (2.2.14-5ubuntu8.3)
maverick_apache2: not-affected (2.2.16-1ubuntu3)
devel_apache2: not-affected (2.2.16-3ubuntu1)