Published: 25/09/2019 Updated: 07/11/2023

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 585

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash.(CVE-2019-10081) A read-after-free vulnerability exists in Apache httpd, in mod_http2. A specially crafted http/2 client session could cause the server to read memory that was previously freed during connection shutdown, potentially leading to a crash.(CVE-2019-10082) A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.(CVE-2019-10092) A vulnerability exists in Apache httpd, in mod_remoteip. A trusted proxy using the "PROXY" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences.\n\nThis issue could only be exploited by configured trusted intermediate proxy servers. HTTP clients such as browsers could not exploit the vulnerability.(CVE-2019-10097) A vulnerability exists in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers.(CVE-2019-10098) Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.(CVE-2019-9517)

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache http server

Several vulnerabilities have been found in the Apache HTTPD server CVE-2019-9517 Jonathan Looney reported that a malicious client could perform a denial of service attack (exhausting h2 workers) by flooding a connection with requests and basically never reading responses on the TCP connection CVE-2019-10081 Craig Young report ...

Several security issues were fixed in Apache ...

USN-4113-1 introduced a regression in Apache ...

Synopsis Moderate: httpd24-httpd and httpd24-mod_md security and enhancement update Type/Severity Security Advisory: Moderate Topic An update for httpd24-httpd and httpd24-mod_md is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of M ...

Synopsis Moderate: httpd security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for httpd is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...

Synopsis Moderate: httpd:24 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for the httpd:24 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabi ...

Synopsis Moderate: Red Hat JBoss Core Services Apache HTTP Server 2437 SP2 security update Type/Severity Security Advisory: Moderate Topic Red Hat JBoss Core Services Pack Apache Server 2437 Service Pack 2 zip release for RHEL 6, RHEL 7 and Microsoft Windows is availableRed Hat Product Security has rat ...

Synopsis Moderate: Red Hat JBoss Core Services Apache HTTP Server 2437 SP2 security update Type/Severity Security Advisory: Moderate Topic Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2437 and fix several bugs, and add various enhancements are now available for Red Hat En ...

A vulnerability was found in Apache httpd, in mod_http2 Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash(CVE-2019-10081) A read-after-free vulnerability was discovered in Apache httpd, in mod_http2 A specially crafted http/2 client session could cause the server to read memory that was p ...

A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation(CVE-2019-10092) A vulnerability was discovered in Apache httpd, in mod_remoteip A trusted pr ...

Normal URLs like redirectlocal/test will be forwared to redirectlocal/test But by using newlines (CVE 2019-10098), we can redirect somewhere else (ie to `redirectlocalevilwebsitecom`): ``` curl -Ik 'redirectlocal/%0aevilwebsitecom' --path-as-is HTTP/2 302 date: Mon, 28 Oct 2019 03:36:58 GMT content-type: ...

CVE-2019-10098

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect