VYPR
Unrated severity · NVD Advisory · Published Jun 4, 2007 · Updated Apr 23, 2026

CVE-2007-1862

Description

The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In Apache 2.2.4, mod_mem_cache's recall_headers function does not properly copy all levels of header data, so responses can leak previously used headers to remote attackers.

Vulnerability

In Apache HTTP Server 2.2.4, the recall_headers function in mod_mem_cache does not properly copy all levels of header data when serving cached responses. This flaw can cause the server to return HTTP headers containing previously used data from other requests, potentially exposing sensitive information. The vulnerability affects Apache 2.2.4 and possibly earlier versions in the 2.2.x branch [1][2].

Exploitation

A remote attacker can exploit this vulnerability by sending crafted requests to an Apache server that uses mod_mem_cache. The attacker does not need authentication; the issue is triggered when the server serves a cached response and does not copy all levels of header data, thus returning stale headers from prior requests [1]. No user interaction is required.

Impact

Successful exploitation allows a remote attacker to obtain potentially sensitive information from HTTP headers that were previously used by the server for other clients. This could include session tokens, internal IP addresses, or other confidential data, leading to information disclosure [1][3].

Mitigation

Apache HTTP Server 2.2 reached End-of-Life in December 2017, and no official fix was released for this issue in the 2.2.x branch [1]. Users are strongly advised to upgrade to a supported version (2.4.x or later). As a workaround, disabling mod_mem_cache or avoiding the use of caching in sensitive environments may reduce exposure [3]. No patch is available from the Apache project for 2.2.x.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

References

30