The Apache HTTP server has a cookie information disclosure vulnerability in the implementation of the default error response to the status code 400. The vulnerability allows an attacker to gain access to sensitive information.
Note: To avoid loss from operation failure, we recommend that you create a server snapshot before you try the following solutions.
Upgrade to Apache HTTPD 2.2.22 or a later version.
- Open the HTTPD configuration file (the httpd.ini file by default), locate
the ErrorDocument 400 directive, and add custom content after it. For example,
ErrorDocument 400 "error page!".
- Save the file and restart the HTTPD service.
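To confirm that a host is covered by either fix above, the following added example (not part of the original advisory) checks a version banner against 2.2.22 and scans configuration text for an effective custom ErrorDocument 400. The function names and the sample banner and configuration are constructed for illustration, and the scan assumes a single configuration text without following Include files.

```python
import re

FIXED_IN = (2, 2, 22)  # from the advisory: upgrade to 2.2.22 or later

def parse_version(banner):
    """Extract (major, minor, patch) from `httpd -v` output or a Server header."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None

def custom_400_document(config_text):
    """Return the effective ErrorDocument 400 argument, or None if the built-in page is used."""
    effective = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        # Directive names are case-insensitive; the status code is a separate token,
        # so "ErrorDocument400" (no space) is not a valid directive and does not match.
        m = re.match(r"(?i)errordocument\s+400\s+(.+)$", line)
        if m:
            arg = m.group(1).strip()
            # "default" restores the built-in response, so it is not a mitigation.
            effective = None if arg.lower() == "default" else arg
    return effective

def assess(banner, config_text):
    """Classify a host as 'patched', 'workaround' or 'exposed' (conservative default)."""
    version = parse_version(banner)
    if version is not None and version >= FIXED_IN:
        return "patched"
    if custom_400_document(config_text) is not None:
        return "workaround"
    return "exposed"

# Constructed sample inputs
SAMPLE_BANNER = "Server version: Apache/2.2.21 (Unix)"
SAMPLE_CONFIG = '''
# ErrorDocument 400 "commented out"
ErrorDocument 404 /missing.html
ErrorDocument 400 "error page!"
'''

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONFIG))
```

A later `ErrorDocument 400 default` line reverts to the built-in response, which is why the check keeps only the last matching directive.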