DEBIAN-CVE-2010-2791

DEBIAN-CVE-2010-2791 PUBLISHED

mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.

Affected Products

Vendor	Product	Versions
Debian:11	apache2	0, 0, 0
Debian:12	apache2	0, 0, 0
Debian:14	apache2	0, 0, 0
Debian:13	apache2	0, 0, 0

Timeline

Aug 5, 2010 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2010-2791 advisory

Open in Interactive Console →