Sander De Boer

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server version 2.2.11 **Description** The issue allows remote attackers to obtain sensitive response data intended for a client that sent an earlier POST request with no request body, via an HTTP request. This can occur in certain situations when a user sends a carefully crafted HTTP request. **Recommendations** For Apache HTTP Server version 2.2.11, consider disabling the mod proxy ajp module until a patch is available to prevent exploitation. Restrict access to sensitive data to minimize the risk of information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.