Lucene search

[email protected]NVD:CVE-2019-10097

HistorySep 26, 2019 - 4:15 p.m.

CVE-2019-10097

2019-09-2616:15:10

CWE-476

CWE-787

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.811

Percentile

98.4%

JSON

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the “PROXY” protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.

Affected configurations

Nvd

Node

apachehttp_serverMatch2.4.33

apachehttp_serverMatch2.4.34

apachehttp_serverMatch2.4.35

apachehttp_serverMatch2.4.37

apachehttp_serverMatch2.4.38

Node

oraclecommunications_element_managerMatch8.0.0

oraclecommunications_element_managerMatch8.1.0

oraclecommunications_element_managerMatch8.1.1

oraclecommunications_element_managerMatch8.2.0

oraclecommunications_session_report_managerMatch8.1.1

oraclecommunications_session_report_managerMatch8.2.0

oraclecommunications_session_report_managerMatch8.2.1

oraclecommunications_session_route_managerMatch8.1.1

oraclecommunications_session_route_managerMatch8.2.0

oraclecommunications_session_route_managerMatch8.2.1

oracleenterprise_manager_ops_centerMatch12.3.3

oracleenterprise_manager_ops_centerMatch12.4.0

oraclehttp_serverMatch12.2.1.4.0

oracleinstantis_enterprisetrackRange17.1–17.3

oracleretail_xstore_point_of_serviceMatch7.1

VendorProductVersionCPE
apachehttp_server2.4.33cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*
apachehttp_server2.4.34cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*
apachehttp_server2.4.35cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*
apachehttp_server2.4.37cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*
apachehttp_server2.4.38cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*
oraclecommunications_element_manager8.0.0cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*
oraclecommunications_element_manager8.1.0cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*
oraclecommunications_element_manager8.1.1cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
oraclecommunications_element_manager8.2.0cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
oraclecommunications_session_report_manager8.1.1cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	http_server	2.4.33	cpe:2.3:a:apache:http_server:2.4.33:::::::*
apache	http_server	2.4.34	cpe:2.3:a:apache:http_server:2.4.34:::::::*
apache	http_server	2.4.35	cpe:2.3:a:apache:http_server:2.4.35:::::::*
apache	http_server	2.4.37	cpe:2.3:a:apache:http_server:2.4.37:::::::*
apache	http_server	2.4.38	cpe:2.3:a:apache:http_server:2.4.38:::::::*
oracle	communications_element_manager	8.0.0	cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*
oracle	communications_element_manager	8.1.0	cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*
oracle	communications_element_manager	8.1.1	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
oracle	communications_element_manager	8.2.0	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
oracle	communications_session_report_manager	8.1.1	cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*

Rows per page:

1-10 of 201

References

access.redhat.com/errata/RHSA-2019:4126

httpd.apache.org/security/vulnerabilities_24.html

lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpuoct2020.html

www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.811

Percentile

98.4%

JSON

CVE-2019-10097

Affected configurations

References

Related