Description
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
Remediation
References
Related Vulnerabilities
WordPress Plugin Flexible Checkout Fields for WooCommerce Security Bypass (2.3.1)
WordPress Plugin User Meta Manager Information Disclosure (3.4.7)
MySQL Improper Access Control Vulnerability (CVE-2015-3152)
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0704)