Description
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
Remediation
References
Related Vulnerabilities
MySQL CVE-2019-2580 Vulnerability (CVE-2019-2580)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2202)
MySQL Improper Initialization Vulnerability (CVE-2020-11655)
WordPress Plugin Post Thumbnail Editor Multiple Cross-Site Request Forgery Vulnerabilities (2.4.1)