CVE-2012-3502

Apache HTTP Server < 2.4.3 - Exposure of Sensitive Information via Proxy Connection Reuse

Title source: llm
STIX 2.1

Description

The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.

References (17)

Core 17
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/55131
Vendor Advisory x_refsource_confirm
http://httpd.apache.org/security/vulnerabilities_24.html
Various Sources x_refsource_confirm
http://www.apache.org/dist/httpd/CHANGES_2.4.3

Scores

EPSS 0.0989
EPSS Percentile 95.0%

Details

CWE
CWE-200
Status published
Products (3)
apache/http_server 2.4.0
apache/http_server 2.4.1
apache/http_server 2.4.2
Published Aug 22, 2012
Tracked Since Feb 18, 2026