Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-10092

Опубликовано: 26 сент. 2019
Источник: ubuntu
Приоритет: low
CVSS2: 4.3
CVSS3: 6.1

Описание

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

РелизСтатусПримечание
bionic

released

2.4.29-1ubuntu4.10
devel

not-affected

2.4.41-1ubuntu1
disco

released

2.4.38-2ubuntu2.2
eoan

not-affected

2.4.41-1ubuntu1
esm-infra-legacy/trusty

needed

esm-infra/bionic

not-affected

2.4.29-1ubuntu4.10
esm-infra/focal

not-affected

2.4.41-1ubuntu1
esm-infra/xenial

not-affected

2.4.18-2ubuntu3.12
focal

not-affected

2.4.41-1ubuntu1
groovy

not-affected

2.4.41-1ubuntu1

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-10092

CVSS3: 4.7
redhat
почти 6 лет назад

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

nvd логотип

CVE-2019-10092

CVSS3: 6.1
nvd
больше 5 лет назад

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

debian логотип

CVE-2019-10092

CVSS3: 6.1
debian
больше 5 лет назад

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting iss ...

suse-cvrf логотип

SUSE-SU-2021:0779-1

suse-cvrf
больше 4 лет назад

Security update for apache2

github логотип

GHSA-qrr6-fpf4-x3v4

github
около 3 лет назад

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Уязвимость CVE-2019-10092