Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-10092

Опубликовано: 26 сент. 2019
Источник: debian

Описание

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
apache2fixed2.4.41-1package

Примечания

  • Affects upstream versions 2.4.0 to 2.4.39

  • https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10092

  • https://bz.apache.org/bugzilla/show_bug.cgi?id=63688#c5

  • https://svn.apache.org/r1864191

  • Regression: https://bugs.debian.org/941202

Связанные уязвимости

ubuntu логотип

CVE-2019-10092

CVSS3: 6.1
ubuntu
около 6 лет назад

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

redhat логотип

CVE-2019-10092

CVSS3: 4.7
redhat
больше 6 лет назад

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

nvd логотип

CVE-2019-10092

CVSS3: 6.1
nvd
около 6 лет назад

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

suse-cvrf логотип

SUSE-SU-2021:0779-1

suse-cvrf
почти 5 лет назад

Security update for apache2

github логотип

GHSA-qrr6-fpf4-x3v4

github
больше 3 лет назад

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.