Back to search
CVE-2019-10092
Published: Sep 26, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
| Vendor | Product | Versions |
|---|---|---|
n/a | Apache HTTP Server | affected 2.4.0 to 2.4.39 |
References
[httpd-announce] 20190814 CVE-2019-10092: Limited cross-site scripting in mod_proxy
mailing-list
x_refsource_MLIST
[oss-security] 20190814 CVE-2019-10092: Limited cross-site scripting in mod_proxy
mailing-list
x_refsource_MLIST
FEDORA-2019-099575a123
vendor-advisory
x_refsource_FEDORA
DSA-4509
vendor-advisory
x_refsource_DEBIAN
20190826 [SECURITY] [DSA 4509-1] apache2 security update
mailing-list
x_refsource_BUGTRAQ
[debian-lts-announce] 20190828 [SECURITY] [DLA 1900-1] apache2 security update
mailing-list
x_refsource_MLIST
USN-4113-1
vendor-advisory
x_refsource_UBUNTU
openSUSE-SU-2019:2051
vendor-advisory
x_refsource_SUSE
https://security.netapp.com/advisory/ntap-20190905-0003/
x_refsource_CONFIRM
GLSA-201909-04
vendor-advisory
x_refsource_GENTOO
https://support.f5.com/csp/article/K30442259
x_refsource_CONFIRM
[debian-lts-announce] 20190930 [SECURITY] [DLA 1900-2] apache2 regression update
mailing-list
x_refsource_MLIST
20191016 [SECURITY] [DSA 4509-3] apache2 security update
mailing-list
x_refsource_BUGTRAQ
RHSA-2019:4126
vendor-advisory
x_refsource_REDHAT
[httpd-users] 20200202 Re: [users@httpd] Small difference on error messages
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.html
x_refsource_MISC
https://httpd.apache.org/security/vulnerabilities_24.html
x_refsource_MISC
[oss-security] 20200808 Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow
mailing-list
x_refsource_MLIST
[oss-security] 20200808 Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now