CVE-2019-10092

Apache Httpd mod_proxy - Error Page Cross-Site Scripting

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

En Apache HTTP Server versiones 2.4.0 hasta 2.4.39, se reportó un problema de cross-site scripting limitado que afecta la página de error de mod_proxy. Un atacante podría causar que el enlace sobre la página de error sea malformado y, en su lugar, apunte a una página de su elección. Esto solo sería explotable donde se configuró un servidor con proxy activado pero se configuró erradamente de tal manera que la página Proxy Error fue desplegada.

A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-03-26 CVE Reserved
2019-08-27 CVE Published
2019-10-14 First Exploit
2024-08-04 CVE Updated
2024-10-07 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (38)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2019/08/15/4	Mailing List
http://www.openwall.com/lists/oss-security/2020/08/08/1	Mailing List
http://www.openwall.com/lists/oss-security/2020/08/08/9	Mailing List
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html	Mailing List
https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html	Mailing List
https://seclists.org/bugtraq/2019/Aug/47	Mailing List
https://seclists.org/bugtraq/2019/Oct/24	Mailing List
https://security.netapp.com/advisory/ntap-20190905-0003	Third Party Advisory
https://support.f5.com/csp/article/K30442259	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/47688	2019-10-14
https://github.com/mbadanoiu/CVE-2019-10092	2024-06-09
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd	2024-08-04

URL	Date	SRC
https://usn.ubuntu.com/4113-1	2023-11-07
https://www.oracle.com/security-alerts/cpuapr2020.html	2023-11-07
https://www.oracle.com/security-alerts/cpujan2020.html	2023-11-07
https://www.oracle.com/security-alerts/cpujul2020.html	2023-11-07
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	2023-11-07

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html	2023-11-07
https://access.redhat.com/errata/RHSA-2019:4126	2023-11-07
https://httpd.apache.org/security/vulnerabilities_24.html	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC	2023-11-07
https://security.gentoo.org/glsa/201909-04	2023-11-07
https://www.debian.org/security/2019/dsa-4509	2023-11-07
https://access.redhat.com/security/cve/CVE-2019-10092	2020-11-04
https://bugzilla.redhat.com/show_bug.cgi?id=1743956	2020-11-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				>= 2.4.0 <= 2.4.39 Search vendor "Apache" for product "Http Server" and version " >= 2.4.0 <= 2.4.39"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.0 Search vendor "Opensuse" for product "Leap" and version "15.0"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.1 Search vendor "Opensuse" for product "Leap" and version "15.1"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Redhat Search vendor "Redhat"		Software Collection Search vendor "Redhat" for product "Software Collection"				1.0 Search vendor "Redhat" for product "Software Collection" and version "1.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				30 Search vendor "Fedoraproject" for product "Fedora" and version "30"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				19.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04"		-		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap"				<= 9.5 Search vendor "Netapp" for product "Clustered Data Ontap" and version " <= 9.5"		-		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap"				9.6 Search vendor "Netapp" for product "Clustered Data Ontap" and version "9.6"		-		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap"				9.6 Search vendor "Netapp" for product "Clustered Data Ontap" and version "9.6"		p1		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap"				9.6 Search vendor "Netapp" for product "Clustered Data Ontap" and version "9.6"		p3		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap"				9.6 Search vendor "Netapp" for product "Clustered Data Ontap" and version "9.6"		p4		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap"				9.6 Search vendor "Netapp" for product "Clustered Data Ontap" and version "9.6"		p7		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap"				9.6 Search vendor "Netapp" for product "Clustered Data Ontap" and version "9.6"		p8		Affected
Oracle Search vendor "Oracle"		Communications Element Manager Search vendor "Oracle" for product "Communications Element Manager"				8.0.0 Search vendor "Oracle" for product "Communications Element Manager" and version "8.0.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Element Manager Search vendor "Oracle" for product "Communications Element Manager"				8.1.0 Search vendor "Oracle" for product "Communications Element Manager" and version "8.1.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Element Manager Search vendor "Oracle" for product "Communications Element Manager"				8.1.1 Search vendor "Oracle" for product "Communications Element Manager" and version "8.1.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Element Manager Search vendor "Oracle" for product "Communications Element Manager"				8.2.0 Search vendor "Oracle" for product "Communications Element Manager" and version "8.2.0"		-		Affected
Oracle Search vendor "Oracle"		Enterprise Manager Ops Center Search vendor "Oracle" for product "Enterprise Manager Ops Center"				12.3.3 Search vendor "Oracle" for product "Enterprise Manager Ops Center" and version "12.3.3"		-		Affected
Oracle Search vendor "Oracle"		Enterprise Manager Ops Center Search vendor "Oracle" for product "Enterprise Manager Ops Center"				12.4.0 Search vendor "Oracle" for product "Enterprise Manager Ops Center" and version "12.4.0"		-		Affected
Oracle Search vendor "Oracle"		Secure Global Desktop Search vendor "Oracle" for product "Secure Global Desktop"				5.4 Search vendor "Oracle" for product "Secure Global Desktop" and version "5.4"		-		Affected
Oracle Search vendor "Oracle"		Secure Global Desktop Search vendor "Oracle" for product "Secure Global Desktop"				5.5 Search vendor "Oracle" for product "Secure Global Desktop" and version "5.5"		-		Affected