Description
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
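A triage check for the condition described above, as an added example that is not part of the original advisory: it reads `httpd -v` and `httpd -M` output and reports whether the version falls in the stated range (2.4.x before 2.4.3) with either affected proxy module loaded. The sample outputs are constructed, and the function names and status strings are assumptions made for this illustration.

```python
import re

# Affected range as stated in the description: 2.4.x before 2.4.3.
FIXED = (2, 4, 3)
# Names under which `httpd -M` lists the two modules named in the description.
PROXY_MODULES = {"proxy_ajp_module", "proxy_http_module"}

# Constructed sample outputs (not captured from a real host).
SAMPLE_V = "Server version: Apache/2.4.2 (Unix)\nServer built:   Jan  1 2012 00:00:00\n"
SAMPLE_M = ("Loaded Modules:\n core_module (static)\n proxy_module (shared)\n"
            " proxy_ajp_module (shared)\n proxy_http_module (shared)\n")

def parse_version(httpd_v_output):
    """Extract (major, minor, patch) from `httpd -v` output, or None."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", httpd_v_output)
    return tuple(int(x) for x in m.groups()) if m else None

def loaded_proxy_modules(httpd_m_output):
    """Return the affected proxy modules that appear in `httpd -M` output."""
    found = set()
    for line in httpd_m_output.splitlines():
        parts = line.split()
        if parts and parts[0] in PROXY_MODULES:
            found.add(parts[0])
    return found

def assess(httpd_v_output, httpd_m_output):
    """Return (status, modules) for one server.

    Distribution packages may backport fixes without changing the version
    string, so treat the status as a starting point for triage, not proof.
    """
    version = parse_version(httpd_v_output)
    mods = loaded_proxy_modules(httpd_m_output)
    if version is None:
        return "unknown-version", mods
    if version[:2] != (2, 4) or version >= FIXED:
        return "outside-stated-range", mods
    # In range: the flaw is only reachable when a named proxy module is loaded.
    return ("exposed" if mods else "in-range-no-proxy-module"), mods

if __name__ == "__main__":
    print(assess(SAMPLE_V, SAMPLE_M))
```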
Remediation
References