CVE-2019-10097
httpd: null-pointer dereference in mod_remoteip
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.
En Apache HTTP Server versiones 2.4.32 hasta 2.4.39, cuando mod_remoteip se configuró para usar un servidor proxy intermediario de confianza que utiliza el protocolo "PROXY", un encabezado PROXY especialmente diseñado podría desencadenar un desbordamiento del búfer de la pila o una deferencia del puntero NULL. Esta vulnerabilidad solo puede ser activada por un proxy confiable y no por clientes HTTP no confiables.
A vulnerability was discovered in Apache httpd, in mod_remoteip. A trusted proxy using the "PROXY" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences. This issue could only be exploited by configured trusted intermediate proxy servers. HTTP clients such as browsers could not exploit the vulnerability.
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 2 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 1 and includes bug fixes and enhancements. Issues addressed include cross site scripting and information leakage vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-26 CVE Reserved
- 2019-08-27 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
- CWE-476: NULL Pointer Dereference
- CWE-787: Out-of-bounds Write
CAPEC
References (19)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2019:4126 | 2023-11-07 | |
| https://httpd.apache.org/security/vulnerabilities_24.html | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2019-10097 | 2020-11-04 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1743996 | 2020-11-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.33 Search vendor "Apache" for product "Http Server" and version "2.4.33" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.34 Search vendor "Apache" for product "Http Server" and version "2.4.34" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.35 Search vendor "Apache" for product "Http Server" and version "2.4.35" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.37 Search vendor "Apache" for product "Http Server" and version "2.4.37" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.38 Search vendor "Apache" for product "Http Server" and version "2.4.38" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Element Manager Search vendor "Oracle" for product "Communications Element Manager" | 8.0.0 Search vendor "Oracle" for product "Communications Element Manager" and version "8.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Element Manager Search vendor "Oracle" for product "Communications Element Manager" | 8.1.0 Search vendor "Oracle" for product "Communications Element Manager" and version "8.1.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Element Manager Search vendor "Oracle" for product "Communications Element Manager" | 8.1.1 Search vendor "Oracle" for product "Communications Element Manager" and version "8.1.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Element Manager Search vendor "Oracle" for product "Communications Element Manager" | 8.2.0 Search vendor "Oracle" for product "Communications Element Manager" and version "8.2.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Session Report Manager Search vendor "Oracle" for product "Communications Session Report Manager" | 8.1.1 Search vendor "Oracle" for product "Communications Session Report Manager" and version "8.1.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Session Report Manager Search vendor "Oracle" for product "Communications Session Report Manager" | 8.2.0 Search vendor "Oracle" for product "Communications Session Report Manager" and version "8.2.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Session Report Manager Search vendor "Oracle" for product "Communications Session Report Manager" | 8.2.1 Search vendor "Oracle" for product "Communications Session Report Manager" and version "8.2.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Session Route Manager Search vendor "Oracle" for product "Communications Session Route Manager" | 8.1.1 Search vendor "Oracle" for product "Communications Session Route Manager" and version "8.1.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Session Route Manager Search vendor "Oracle" for product "Communications Session Route Manager" | 8.2.0 Search vendor "Oracle" for product "Communications Session Route Manager" and version "8.2.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Session Route Manager Search vendor "Oracle" for product "Communications Session Route Manager" | 8.2.1 Search vendor "Oracle" for product "Communications Session Route Manager" and version "8.2.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Manager Ops Center Search vendor "Oracle" for product "Enterprise Manager Ops Center" | 12.3.3 Search vendor "Oracle" for product "Enterprise Manager Ops Center" and version "12.3.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Manager Ops Center Search vendor "Oracle" for product "Enterprise Manager Ops Center" | 12.4.0 Search vendor "Oracle" for product "Enterprise Manager Ops Center" and version "12.4.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Http Server Search vendor "Oracle" for product "Http Server" | 12.2.1.4.0 Search vendor "Oracle" for product "Http Server" and version "12.2.1.4.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Instantis Enterprisetrack Search vendor "Oracle" for product "Instantis Enterprisetrack" | >= 17.1 <= 17.3 Search vendor "Oracle" for product "Instantis Enterprisetrack" and version " >= 17.1 <= 17.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Xstore Point Of Service Search vendor "Oracle" for product "Retail Xstore Point Of Service" | 7.1 Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "7.1" | - |
Affected
| ||||||