CVE-2012-3502

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.2

Description The issue arises from the proxy functionality in the mod proxy ajp and mod proxy http modules, which fails to properly determine when a back-end connection should be closed. This allows remote attackers to obtain sensitive information by reading a response intended for a different client in certain circumstances.

Recommendations For versions 2.4.0 through 2.4.2, update to version 2.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the mod proxy ajp and mod proxy http modules until a patch is applied.