Affected Versions:
Apache 2.2.9
Vulnerability description:
Bugtraq id: 42102CVE (CAN) ID: CVE-2010-2791Apache HTTP Server is a popular Web Server. The mod_proxy_http.c file in the mod_proxy_http module of Apache HTTP Server does not correctly detect timeout,
In some timeout situations, the server may return responses from other users, resulting in leakage of sensitive information.
Only configurations that can trigger the use of the proxy worker pool are affected. The vulnerability is the same as the vulnerability described in the CVE-2010-2068, but affects httpd on Unix systems.
<* Reference
Http://permalink.gmane.org/gmane.comp.security.oss.general/3243
*>Security suggestions:
Vendor patch: Apache Group ------------ the current vendor has released the upgrade patch to fix this security problem, please download to the vendor's home page: http://svn.apache.org/viewvc? View = revision & revision = 699841