CVE-2012-3502

medium Apache
CVSS v3 Base Score
4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS Score
3.8%
Exploitation probability in 30 days
Top 12% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
None
Availability
None
Published: August 22, 2012 (5013 days ago)
Last Modified: April 29, 2026
Vendor: Apache
Source: NVD

Description

The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.

CWE

CWE-200

Affected Products

apache http server

References

🔗 httpd.apache.org 🔗 mail-archives.apache.org 🔗 www.apache.org 🔗 www.securityfocus.com 🔗 lists.apache.org