Philip Pickett

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions 2.2.x before 2.2.15 **Description** The issue is related to the `ap read request` function in the Apache HTTP Server, specifically when a multithreaded MPM is used. It does not properly handle headers in subrequests under certain circumstances, potentially allowing remote attackers to obtain sensitive information via a crafted request. This could trigger access to memory locations associated with an earlier request. **Recommendations** For Apache HTTP Server versions 2.2.x before 2.2.15, update to version 2.2.15 or later to resolve the issue.