Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ehff-j1pz-b7e8
Vulnerability ID VCID-ehff-j1pz-b7e8
Aliases CVE-2012-3502
Summary The modules mod_proxy_ajp and mod_proxy_http did not always close the connection to the back end server when necessary as part of error handling. This could lead to an information disclosure due to a response mixup between users.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
epss 0.03787 https://api.first.org/data/v1/epss?cve=CVE-2012-3502
epss 0.03787 https://api.first.org/data/v1/epss?cve=CVE-2012-3502
epss 0.03787 https://api.first.org/data/v1/epss?cve=CVE-2012-3502
epss 0.03787 https://api.first.org/data/v1/epss?cve=CVE-2012-3502
epss 0.03787 https://api.first.org/data/v1/epss?cve=CVE-2012-3502
epss 0.03787 https://api.first.org/data/v1/epss?cve=CVE-2012-3502
epss 0.03787 https://api.first.org/data/v1/epss?cve=CVE-2012-3502
epss 0.03787 https://api.first.org/data/v1/epss?cve=CVE-2012-3502
epss 0.03787 https://api.first.org/data/v1/epss?cve=CVE-2012-3502
apache_httpd important https://httpd.apache.org/security/json/CVE-2012-3502.json
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2012-3502
Reference id Reference type URL
http://httpd.apache.org/security/vulnerabilities_24.html
http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30%40apache.org%3E
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3502.json
https://api.first.org/data/v1/epss?cve=CVE-2012-3502
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
http://www.apache.org/dist/httpd/CHANGES_2.4.3
http://www.securityfocus.com/bid/55131
850776 https://bugzilla.redhat.com/show_bug.cgi?id=850776
cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
CVE-2012-3502 https://httpd.apache.org/security/json/CVE-2012-3502.json
CVE-2012-3502 https://nvd.nist.gov/vuln/detail/CVE-2012-3502
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2012-3502
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.88014
EPSS Score 0.03787
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:36:18.559854+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2012-3502.json 38.0.0