httpd / Apache Team Foundation / HTTPD:1476868F8E61526B31CAA5707DE2E715
History: Jul 23, 2019 - 12:00 a.m.

Apache Httpd < 2.4.41 : CVE-2019-10097 mod_remoteip: Stack buffer overflow and NULL pointer dereference

2019-07-23 00:00:00
Apache Team Foundation
httpd.apache.org

CVSS2: 6
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3: 7.2
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.831
Percentile: 98.5%

When mod_remoteip was configured to use a trusted intermediary proxy server using the “PROXY” protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer dereference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.

Affected configurations

Node: apache apache_httpd Match 2.4.38 OR 2.4.37 OR 2.4.35 OR 2.4.34 OR 2.4.33

Vendor    Product         Version    CPE
apache    apache_httpd    2.4.38     cpe:2.3:a:apache:apache_httpd:2.4.38:*:*:*:*:*:*:*
apache    apache_httpd    2.4.37     cpe:2.3:a:apache:apache_httpd:2.4.37:*:*:*:*:*:*:*
apache    apache_httpd    2.4.35     cpe:2.3:a:apache:apache_httpd:2.4.35:*:*:*:*:*:*:*
apache    apache_httpd    2.4.34     cpe:2.3:a:apache:apache_httpd:2.4.34:*:*:*:*:*:*:*
apache    apache_httpd    2.4.33     cpe:2.3:a:apache:apache_httpd:2.4.33:*:*:*:*:*:*:*
