570171: CVE-2010-0434 httpd: request header information leak

The MITRE CVE dictionary describes this issue as:

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.

Find out more about CVE-2010-0434 from the MITRE CVE dictionary and NIST NVD.


Red Hat is aware of this issue and is tracking it via the following bug:

This issue was fixed in Red Hat Enterprise Linux 5 via:

This issue was fixed in Red Hat Enterprise Linux 4 via:

The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this flaw on Red Hat Enterprise Linux 3. More information regarding issue severity can be found here:

CVSS v2 metrics

Base Score 2.6
Base Metrics AV:N/AC:H/Au:N/C:P/I:N/A:N
Access Vector Network
Access Complexity High
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server | RHSA-2010:0396 | 2010-05-05
Red Hat Enterprise Linux 4 (httpd) | RHSA-2010:0175 | 2010-03-25
Red Hat JBoss Web Server 1.0 for RHEL 4 AS (httpd22) | RHSA-2010:0396 | 2010-05-05
Red Hat Certificate System 7.3 for 4AS | RHSA-2010:0602 | 2010-08-04
Red Hat Enterprise Linux 5 (httpd) | RHSA-2010:0168 | 2010-03-25

CVE description copyright © 2017, The MITRE Corporation