Vulnerability details: VCID-d59r-2grq-aaab
Vulnerability ID VCID-d59r-2grq-aaab
Aliases CVE-2010-2068
Summary mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2011:0896
epss 0.00582 https://api.first.org/data/v1/epss?cve=CVE-2010-2068
epss 0.01017 https://api.first.org/data/v1/epss?cve=CVE-2010-2068
epss 0.08537 https://api.first.org/data/v1/epss?cve=CVE-2010-2068
epss 0.08806 https://api.first.org/data/v1/epss?cve=CVE-2010-2068
epss 0.10341 https://api.first.org/data/v1/epss?cve=CVE-2010-2068
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=632994
apache_httpd important https://httpd.apache.org/security/json/CVE-2010-2068.json
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2010-2068
generic_textual MODERATE http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
Reference id Reference type URL
http://httpd.apache.org/security/vulnerabilities_22.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://mail-archives.apache.org/mod_mbox/httpd-announce/201006.mbox/%3C4C12933D.4060400%40apache.org%3E
http://mail-archives.apache.org/mod_mbox/httpd-announce/201006.mbox/%3C4C12933D.4060400@apache.org%3E
http://marc.info/?l=apache-announce&m=128009718610929&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2068.json
https://api.first.org/data/v1/epss?cve=CVE-2010-2068
http://secunia.com/advisories/40206
http://secunia.com/advisories/40824
http://secunia.com/advisories/41480
http://secunia.com/advisories/41490
http://secunia.com/advisories/41722
http://securitytracker.com/id?1024096
https://exchange.xforce.ibmcloud.com/vulnerabilities/59413
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11491
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6931
http://support.apple.com/kb/HT4581
http://www-01.ibm.com/support/docview.wss?uid=nas352ca0ac9460f9b8886257777005dd0e4
http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch
http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch
http://www.ibm.com/support/docview.wss?uid=swg1PM16366
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.securityfocus.com/archive/1/511809/100/0/threaded
http://www.securityfocus.com/bid/40827
http://www.vupen.com/english/advisories/2010/1436
632994 https://bugzilla.redhat.com/show_bug.cgi?id=632994
CVE-2010-2068 https://httpd.apache.org/security/json/CVE-2010-2068.json
CVE-2010-2068 https://nvd.nist.gov/vuln/detail/CVE-2010-2068
RHSA-2011:0896 https://access.redhat.com/errata/RHSA-2011:0896
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2010-2068
Exploit Prediction Scoring System (EPSS)
Percentile 0.78535
EPSS Score 0.00582
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.