According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.41. It is, therefore, affected by multiple vulnerabilities:
A cross-site scripting (XSS) vulnerability exists in mod_proxy when proxying is enabled and the Proxy Error page is displayed. (CVE-2019-10092)
An open redirect vulnerability exists in mod_rewrite when using self-referential redirects. (CVE-2019-10098)
A read-after-free vulnerability exists in mod_http2 during connection shutdown. (CVE-2019-10082)
A memory corruption vulnerability exists in mod_http2 on early pushes. (CVE-2019-10081)
A denial of service (DoS) vulnerability exists in mod_http2 by exhausting h2 workers. (CVE-2019-9517)
Stack buffer overflow and NULL pointer dereference vulnerabilities exist in mod_remoteip when using a specially crafted PROXY header. (CVE-2019-10097)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
Vendor | Product | Version | CPE |
---|---|---|---|
apache | http_server | * | cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10097
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
archive.apache.org/dist/httpd/CHANGES_2.4.41
httpd.apache.org/security/vulnerabilities_24.html#2.4.41