httpd | Apache Team Foundation | HTTPD:8DF9389A321028B4475CE2E9B5BFC7A6
Mar 26, 2019 - 12:00 a.m.

Apache Httpd < 2.4.41 : mod_rewrite potential open redirect

2019-03-26 00:00:00
Apache Team Foundation
httpd.apache.org

CVSS2: 5.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3: 6.1
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.167
Percentile: 96.1%

Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

Affected configurations

Vulners node (apache apache_httpd, version Match):
2.4.39 OR 2.4.38 OR 2.4.37 OR 2.4.35 OR 2.4.34 OR 2.4.33 OR 2.4.30 OR 2.4.29 OR 2.4.28 OR 2.4.27 OR 2.4.26 OR 2.4.25 OR 2.4.23 OR 2.4.20 OR 2.4.18 OR 2.4.17 OR 2.4.16 OR 2.4.12 OR 2.4.10 OR 2.4.9 OR 2.4.7 OR 2.4.6 OR 2.4.4 OR 2.4.3 OR 2.4.2 OR 2.4.1 OR 2.4.0

Vendor  Product       Version  CPE
apache  apache_httpd  2.4.39   cpe:2.3:a:apache:apache_httpd:2.4.39:*:*:*:*:*:*:*
apache  apache_httpd  2.4.38   cpe:2.3:a:apache:apache_httpd:2.4.38:*:*:*:*:*:*:*
apache  apache_httpd  2.4.37   cpe:2.3:a:apache:apache_httpd:2.4.37:*:*:*:*:*:*:*
apache  apache_httpd  2.4.35   cpe:2.3:a:apache:apache_httpd:2.4.35:*:*:*:*:*:*:*
apache  apache_httpd  2.4.34   cpe:2.3:a:apache:apache_httpd:2.4.34:*:*:*:*:*:*:*
apache  apache_httpd  2.4.33   cpe:2.3:a:apache:apache_httpd:2.4.33:*:*:*:*:*:*:*
apache  apache_httpd  2.4.30   cpe:2.3:a:apache:apache_httpd:2.4.30:*:*:*:*:*:*:*
apache  apache_httpd  2.4.29   cpe:2.3:a:apache:apache_httpd:2.4.29:*:*:*:*:*:*:*
apache  apache_httpd  2.4.28   cpe:2.3:a:apache:apache_httpd:2.4.28:*:*:*:*:*:*:*
apache  apache_httpd  2.4.27   cpe:2.3:a:apache:apache_httpd:2.4.27:*:*:*:*:*:*:*