CVE-2009-1191

Name of the Vulnerable Software and Affected Versions Apache HTTP Server version 2.2.11

Description The issue allows remote attackers to obtain sensitive response data intended for a client that sent an earlier POST request with no request body, via an HTTP request. This can occur in certain situations when a user sends a carefully crafted HTTP request.

Recommendations For Apache HTTP Server version 2.2.11, consider disabling the mod proxy ajp module until a patch is available to prevent exploitation. Restrict access to sensitive data to minimize the risk of information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.