9.1
CVE-2019-10082
- EPSS 47.89%
- Published 26.09.2019 16:15:10
- Last modified 21.11.2024 04:18:21
- Source security@apache.org
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
Data is provided by the National Vulnerability Database (NVD)
Apache ≫ HTTP Server Version >= 2.4.18 <= 2.4.39
Oracle ≫ Communications Element Manager Version 8.0.0
Oracle ≫ Communications Element Manager Version 8.1.0
Oracle ≫ Communications Element Manager Version 8.1.1
Oracle ≫ Communications Element Manager Version 8.2.0
Oracle ≫ Enterprise Manager Ops Center Version 12.3.3
Oracle ≫ Enterprise Manager Ops Center Version 12.4.0
Oracle ≫ Enterprise Manager Ops Center Version 12.4.0.0
Oracle ≫ HTTP Server Version 12.2.1.3.0
Oracle ≫ HTTP Server Version 12.2.1.4.0
Oracle ≫ Instantis Enterprisetrack Version >= 17.1 <= 17.3
Oracle ≫ Retail Xstore Point Of Service Version 7.1
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 47.89% | 0.976 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.1 | 3.9 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
nvd@nist.gov | 6.4 | 10 | 4.9 | AV:N/AC:L/Au:N/C:P/I:N/A:P |
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.