CVE-2010-0434 in Oracle HTTP Server
摘要 (英语)
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
预定
2010-01-27
披露
2010-03-05
条目
VulDB provides additional information and datapoints for this CVE:
| 标识符 | 漏洞 | CWE | 可利用 | 对策 | CVE |
|---|---|---|---|---|---|
| 9606 | Oracle HTTP Server Web Listener 信息公开 | 200 | 概念验证 | 官方修复 | CVE-2010-0434 |