Apache – CVE-2010-0434

Description

Cytrix has detected that the version of Apache HTTP Server in use is affected by the subrequest handling of request headers (mod_headers) vulnerability.
CVE-2010-0434 is categorized as an Information Exposure vulnerability (CWE-200).

This means that the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

In the version of Apache in use, the ap_read_request function in server/protocol.c does not properly handle headers in subrequests when a multithreaded MPM is used, in certain circumstances involving a parent request that has a body.
This might allow remote attackers to obtain sensitive information through a crafted request that triggers access to memory locations associated with earlier requests.

The result is information disclosure.

Recommendation

To fix CVE-2010-0434, upgrade the version of Apache HTTP Server being used to either 2.0.64 or 2.2.15.
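
The following check is an added example, not part of the original advisory: it classifies the output of `httpd -V` against the two fixed releases named above and reports whether the build is threaded, since the flaw depends on a multithreaded MPM. It assumes 2.2-style output with `Server version:` and `threaded:` lines; the function name, result labels and sample outputs are constructed for illustration.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {(2, 0): (2, 0, 64), (2, 2): (2, 2, 15)}

def assess(httpd_v_output):
    """Classify `httpd -V` output against the CVE-2010-0434 fix versions."""
    m = re.search(r"Server version:\s*Apache/(\d+)\.(\d+)\.(\d+)", httpd_v_output)
    if not m:
        return "unparsed"                 # no recognisable version line
    version = tuple(int(p) for p in m.groups())
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "branch-not-listed"        # advisory names fixes for 2.0 and 2.2 only
    if version >= fixed:
        return "fixed"
    # Below the fixed release: report the threading model if the output states it.
    t = re.search(r"^\s*threaded:\s*(yes|no)", httpd_v_output, re.M | re.I)
    if t is None:
        return "upgrade-mpm-unknown"      # assumption: line is absent on some builds
    return "upgrade-threaded" if t.group(1).lower() == "yes" else "upgrade-nonthreaded"

# Constructed sample outputs (not captured from a real host).
SAMPLE_WORKER = """Server version: Apache/2.2.14 (Unix)
Server MPM:     Worker
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
"""
SAMPLE_PREFORK = """Server version: Apache/2.2.14 (Unix)
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
"""
SAMPLE_PATCHED = """Server version: Apache/2.2.15 (Unix)
Server MPM:     Worker
  threaded:     yes (fixed thread count)
"""
SAMPLE_OLD_20 = "Server version: Apache/2.0.63\n"

if __name__ == "__main__":
    for name, text in [("worker", SAMPLE_WORKER), ("prefork", SAMPLE_PREFORK),
                       ("patched", SAMPLE_PATCHED), ("2.0.63", SAMPLE_OLD_20)]:
        print(f"{name}: {assess(text)}")
```

Distribution packages may carry backported fixes under an older version string, so confirm a below-fix result against the vendor's changelog before treating it as final.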

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434
https://cwe.mitre.org/data/definitions/200.html