6.1
CVE-2019-10092
- EPSS 82.38%
- Veröffentlicht 26.09.2019 16:15:10
- Zuletzt bearbeitet 21.11.2024 04:18:23
- Quelle security@apache.org
- Teams Watchlist Login
- Unerledigt Login
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ HTTP Server Version >= 2.4.0 <= 2.4.39
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Redhat ≫ Software Collection Version1.0
Fedoraproject ≫ Fedora Version30
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version19.04
Netapp ≫ Clustered Data Ontap Version <= 9.5
Netapp ≫ Clustered Data Ontap Version9.6 Update-
Netapp ≫ Clustered Data Ontap Version9.6 Updatep1
Netapp ≫ Clustered Data Ontap Version9.6 Updatep3
Netapp ≫ Clustered Data Ontap Version9.6 Updatep4
Netapp ≫ Clustered Data Ontap Version9.6 Updatep7
Netapp ≫ Clustered Data Ontap Version9.6 Updatep8
Oracle ≫ Communications Element Manager Version8.0.0
Oracle ≫ Communications Element Manager Version8.1.0
Oracle ≫ Communications Element Manager Version8.1.1
Oracle ≫ Communications Element Manager Version8.2.0
Oracle ≫ Enterprise Manager Ops Center Version12.3.3
Oracle ≫ Enterprise Manager Ops Center Version12.4.0
Oracle ≫ Secure Global Desktop Version5.4
Oracle ≫ Secure Global Desktop Version5.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 82.38% | 0.992 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.