PT-2010-4294 · Apache · Apache Http Server

Published: 2010-07-23 · Updated: 2023-02-13 · CVE-2010-2791

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server version 2.2.9

Description: The issue is an information disclosure flaw in the mod_proxy component of the Apache HTTP Server. When running on Unix platforms, if a timeout occurs while reading a response from a persistent backend connection, mod_proxy does not close that backend connection. Because the connection can later be reused, a remote attacker may under certain circumstances receive a response that was intended for another client. The flaw is triggered only by specific timeout conditions and affects configurations that use proxy worker pools.

Recommendations: For Apache HTTP Server version 2.2.9, as a temporary workaround, consider globally configuring the server with the setting: SetEnv proxy-nokeepalive 1. This disables persistent connections to backend servers, so a timed-out backend connection cannot be reused for another client's request, and helps mitigate the risk of information disclosure until a more permanent fix is available.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2010-2791
RHSA-2010:0659

Affected Products

Apache Http Server
Red Hat