CVE-2019-10097
Published 2019-09-26
High 7.2 (CVSS 3.1)
AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer dereference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | — | — |
| apache | http_server | — | — |
| apache | http_server | — | — |
| apache | http_server | — | — |
| apache | http_server | — | — |
| debian | apache2 | < apache2 2.4.41-1 (bookworm) | apache2 2.4.41-1 (bookworm) |
| oracle | communications_element_manager | — | — |
| oracle | communications_element_manager | — | — |
| oracle | communications_element_manager | — | — |
| oracle | communications_element_manager | — | — |
| oracle | communications_session_report_manager | — | — |
| oracle | communications_session_report_manager | — | — |
| oracle | communications_session_report_manager | — | — |
| oracle | communications_session_route_manager | — | — |
| oracle | communications_session_route_manager | — | — |
| oracle | communications_session_route_manager | — | — |
| oracle | enterprise_manager_ops_center | — | — |
| oracle | enterprise_manager_ops_center | — | — |
| oracle | http_server | — | — |
| oracle | instantis_enterprisetrack | 17.1 – 17.3 | — |
| oracle | retail_xstore_point_of_service | — | — |
CVSS provenance
- nvd: v3.1, 7.2 HIGH, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- osv: 7.2 HIGH
- vulncheck: 7.2 HIGH