CVE-2019-10092

CVE information

Published: 4 years ago

Last Modified: 4 months ago

CVSSv2.0 Severity: Medium

CVSSv3.1 Severity: Medium

Impact Analysis

Description

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

CVSSv2.0 Score

Severity: Medium
Base Score: 4.3/10
Exploit Score: 8.6/10
Access Vector: Network
Access Complexity: Medium
Authentication Required: None
Impact Score: 2.9/10
Confidentiality Impact: None
Availability Impact: None
Integrity Impact: Partial

CVSSv3.1 Score

Severity: Medium
Base Score: 6.1/10
Exploit Score: 2.8/10
Access Vector: Network
Access Complexity: Low
Privileges Required: None
Impact Score: 2.7/10
Confidentiality Impact: Low
Availability Impact: None
Integrity Impact: Low
Scope: Changed
User Interaction: Required

Products Affected

CPE Affected Vulnerable Excluding
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
  Yes
2.4.0 -
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:redhat:software_collection:1.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  Yes
- -
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  Yes
- -
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:netapp:clustered_data_ontap:9.6:p3:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:netapp:clustered_data_ontap:9.6:p1:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:netapp:clustered_data_ontap:9.6:p7:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:netapp:clustered_data_ontap:9.6:p8:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:netapp:clustered_data_ontap:9.6:-:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:netapp:clustered_data_ontap:9.6:p4:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:
  Yes
- -
cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:
  Yes
- -
cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:
  Yes
- -
cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:
  Yes
- -
cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:
  Yes
- -
cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:
  Yes
- -

References