Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-10097

Опубликовано: 26 сент. 2019
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 6
CVSS3: 7.2

Описание

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.

РелизСтатусПримечание
bionic

not-affected

code not present
devel

not-affected

2.4.41-1ubuntu1
disco

released

2.4.38-2ubuntu2.2
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

not-affected

code not present
esm-infra/xenial

not-affected

code not present
precise/esm

not-affected

code not present
trusty

ignored

end of standard support
trusty/esm

not-affected

code not present
upstream

released

2.4.41-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 96%
0.26426
Средний

6 Medium

CVSS2

7.2 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-10097

CVSS3: 6.6
redhat
больше 6 лет назад

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.

nvd логотип

CVE-2019-10097

CVSS3: 7.2
nvd
около 6 лет назад

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.

debian логотип

CVE-2019-10097

CVSS3: 7.2
debian
около 6 лет назад

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured ...

github логотип

GHSA-x7xg-9vq9-q8xh

github
больше 3 лет назад

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.

fstec логотип

BDU:2019-04285

CVSS3: 7.2
fstec
больше 6 лет назад

Уязвимость модуля mod_remoteip веб-сервера Apache HTTP Server, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 96%
0.26426
Средний

6 Medium

CVSS2

7.2 High

CVSS3