Lucene search

K
nvd[email protected]NVD:CVE-2019-10092
HistorySep 26, 2019 - 4:15 p.m.

CVE-2019-10092

2019-09-2616:15:10
CWE-79
web.nvd.nist.gov
8

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.1

Confidence

High

EPSS

0.064

Percentile

93.8%

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

Affected configurations

Nvd
Node
apachehttp_serverRange2.4.02.4.39
Node
opensuseleapMatch15.0
OR
opensuseleapMatch15.1
Node
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
OR
debiandebian_linuxMatch10.0
Node
redhatsoftware_collectionMatch1.0
Node
fedoraprojectfedoraMatch30
Node
canonicalubuntu_linuxMatch16.04lts
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch19.04
Node
netappclustered_data_ontapRange9.5
OR
netappclustered_data_ontapMatch9.6-
OR
netappclustered_data_ontapMatch9.6p1
OR
netappclustered_data_ontapMatch9.6p3
OR
netappclustered_data_ontapMatch9.6p4
OR
netappclustered_data_ontapMatch9.6p7
OR
netappclustered_data_ontapMatch9.6p8
Node
oraclecommunications_element_managerMatch8.0.0
OR
oraclecommunications_element_managerMatch8.1.0
OR
oraclecommunications_element_managerMatch8.1.1
OR
oraclecommunications_element_managerMatch8.2.0
OR
oracleenterprise_manager_ops_centerMatch12.3.3
OR
oracleenterprise_manager_ops_centerMatch12.4.0
OR
oraclesecure_global_desktopMatch5.4
OR
oraclesecure_global_desktopMatch5.5
VendorProductVersionCPE
apachehttp_server*cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
opensuseleap15.0cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
opensuseleap15.1cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
redhatsoftware_collection1.0cpe:2.3:a:redhat:software_collection:1.0:*:*:*:*:*:*:*
fedoraprojectfedora30cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Rows per page:
1-10 of 261

References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.1

Confidence

High

EPSS

0.064

Percentile

93.8%