CVE-2010-2791
EPSS 2.1%
Description
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
How to fix CVE-2010-2791
To remediate CVE-2010-2791, upgrade the affected package to a fixed version below.
- Debian/apache2—upgrade to 2.2.9-10 or later
Is CVE-2010-2791 being exploited?
Low — EPSS is 2.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/apache2: >= 0, < 2.2.9-10