Wind River Support Network

HomeDefectsLIN5-16169
Fixed

LIN5-16169 : Security Advisory - apache - CVE-2012-3502

Created: Sep 2, 2012    Updated: Dec 19, 2017
Resolved Date: Apr 22, 2014
Previous ID: LIN2-17880
Found In Version: 5.0
Fix Version: 5.0.1.14
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3502

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads


Live chat
Online