CVE-2019-10097

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.

References

https://httpd.apache.org/security/vulnerabilities_24.html

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

https://access.redhat.com/errata/RHSA-2019:4126

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/security-alerts/cpuoct2020.html

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2019-09-26

Updated: 2021-07-07

Type: CWE-787

Risk Information

CVSS v2

Base Score: 6

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 6.8

Severity: MEDIUM

CVSS v3

Base Score: 7.2

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.2

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:* versions from 17.1 to 17.3 (inclusive)

cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*

Tenable Plugins

View all (20 total)

IDNameProductFamilySeverity
145821CentOS 8 : httpd:2.4 (CESA-2020:4751)NessusCentOS Local Security Checks
critical
142762Oracle Linux 8 : httpd:2.4 (ELSA-2020-4751)NessusOracle Linux Local Security Checks
critical
142397RHEL 8 : httpd:2.4 (RHSA-2020:4751)NessusRed Hat Local Security Checks
critical
142212Oracle Fusion Middleware Oracle HTTP Server (Oct 2020 CPU)NessusWeb Servers
critical
135235RHEL 6 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 (RHSA-2020:1337)NessusRed Hat Local Security Checks
critical
135160Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2020-091-02) (Internal Data Buffering)NessusSlackware Local Security Checks
critical
135146EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-1359)NessusHuawei Local Security Checks
critical
133989EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1155)NessusHuawei Local Security Checks
critical
130400Amazon Linux 2 : httpd (ALAS-2019-1341)NessusAmazon Linux Local Security Checks
high
130281Amazon Linux AMI : httpd24 (ALAS-2019-1311) (Internal Data Buffering)NessusAmazon Linux Local Security Checks
critical
128993Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Apache HTTP Server regression (USN-4113-2) (Internal Data Buffering)NessusUbuntu Local Security Checks
critical
128593GLSA-201909-04 : Apache: Multiple vulnerabilities (Internal Data Buffering)NessusGentoo Local Security Checks
critical
128460openSUSE Security Update : apache2 (openSUSE-2019-2051) (Internal Data Buffering)NessusSuSE Local Security Checks
critical
128412Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Apache HTTP Server vulnerabilities (USN-4113-1) (Internal Data Buffering)NessusUbuntu Local Security Checks
critical
128316SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2019:2237-1) (Internal Data Buffering)NessusSuSE Local Security Checks
critical
128182Debian DSA-4509-1 : apache2 - security update (Internal Data Buffering)NessusDebian Local Security Checks
critical
128084Fedora 30 : 1:mod_md / httpd (2019-099575a123)NessusFedora Local Security Checks
high
98669Apache 2.4.x < 2.4.41 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
98669Apache 2.4.x < 2.4.41 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
128033Apache 2.4.x < 2.4.41 Multiple VulnerabilitiesNessusWeb Servers
critical