CVE-2019-10092

Published: 26/09/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash. (CVE-2019-10081)

A read-after-free vulnerability exists in Apache httpd, in mod_http2. A specially crafted HTTP/2 client session could cause the server to read memory that was previously freed during connection shutdown, potentially leading to a crash. (CVE-2019-10082)

A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation. (CVE-2019-10092)

A vulnerability exists in Apache httpd, in mod_remoteip. A trusted proxy using the "PROXY" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences. This issue could only be exploited by configured trusted intermediate proxy servers. HTTP clients such as browsers could not exploit the vulnerability. (CVE-2019-10097)

A vulnerability exists in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers. (CVE-2019-10098)

Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. (CVE-2019-9517)

Vulnerable Product

apache http server

opensuse leap 15.0

opensuse leap 15.1

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

redhat software collection 1.0

fedoraproject fedora 30

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

netapp clustered data ontap 9.6

netapp clustered data ontap

oracle enterprise manager ops center 12.3.3

oracle secure global desktop 5.4

oracle enterprise manager ops center 12.4.0

oracle secure global desktop 5.5

oracle communications element manager 8.2.0

oracle communications element manager 8.1.1

oracle communications element manager 8.1.0

oracle communications element manager 8.0.0

Vendor Advisories

Synopsis Moderate: httpd24-httpd security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for httpd24, httpd24-httpd, and httpd24-nghttp2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of ...
Synopsis Moderate: httpd:24 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for the httpd:24 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabi ...
Synopsis Moderate: Red Hat JBoss Core Services Apache HTTP Server 2437 SP2 security update Type/Severity Security Advisory: Moderate Topic Red Hat JBoss Core Services Pack Apache Server 2437 Service Pack 2 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available. Red Hat Product Security has rat ...
Synopsis Moderate: Red Hat JBoss Core Services Apache HTTP Server 2437 SP2 security update Type/Severity Security Advisory: Moderate Topic Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2437 and fix several bugs, and add various enhancements are now available for Red Hat En ...
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2019-9517: Jonathan Looney reported that a malicious client could perform a denial of service attack (exhausting h2 workers) by flooding a connection with requests and basically never reading responses on the TCP connection. CVE-2019-10081: Craig Young report ...
Several security issues were fixed in Apache ...
USN-4113-1 introduced a regression in Apache ...
A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash. (CVE-2019-10081) A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session could cause the server to read memory that was p ...
A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation. (CVE-2019-10092) A vulnerability was discovered in Apache httpd, in mod_remoteip. A trusted pr ...
A vulnerability (CVE-2019-10092) exists in JP1/Data Highway. Affected products and versions are listed below. Please upgrade your version to the appropriate version, or apply the Workarounds ...
A vulnerability (CVE-2019-10092) exists in Cosminexus HTTP Server and Hitachi Web Server. Affected products and versions are listed below. Please upgrade your version to the appropriate version, or apply the Workarounds ...

Exploits

The trick is to use a vertical tab (`%09`) and then place another URL in the tag. So once a victim clicks the link on the error page, she will go somewhere else. As you can see, the browser changes the destination from relative / to an absolute url enoflagde. The exploit is `domaintld/%09//otherdomaintld`. Here's the httpd config ...

Mailing Lists

oss-sec mailing list archives: Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow From: Daniel ...

Github Repositories

CVE-2019-10092 Docker - Apache HTTP Server

Using
$ docker-compose up

Using from Docker Hub
$ docker run -p 5555:5555 motikan2010/cve-2019-10092

PoC
Disclosures/CVE-2019-10092-Limited Cross-Site Scripting in mod_proxy Error Page-Apache httpd at master · DrunkenShells/Disclosures githu

References

CWE-79