CVE-2019-10097

Published: Sep 26, 2019Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.

Affected (20)

Products: Apache: Http Server · Oracle: Communications Element Manager, Communications Session Report Manager, Communications Session Route Manager, Enterprise Manager Ops Center, Http Server, Instantis Enterprisetrack, Retail Xstore Point Of Service

1 product

7 products

Communications Element Manager

Communications Session Report Manager

Communications Session Route Manager

Enterprise Manager Ops Center

Instantis Enterprisetrack

Retail Xstore Point Of Service

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	Version 2.4.33
Apache Http Server	Version 2.4.34
Apache Http Server	Version 2.4.35
Apache Http Server	Version 2.4.37
Apache Http Server	Version 2.4.38

Configuration B

15 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Element Manager	Version 8.0.0
Oracle Communications Element Manager	Version 8.1.0
Oracle Communications Element Manager	Version 8.1.1
Oracle Communications Element Manager	Version 8.2.0
Oracle Communications Session Report Manager	Version 8.1.1
Oracle Communications Session Report Manager	Version 8.2.0
Oracle Communications Session Report Manager	Version 8.2.1
Oracle Communications Session Route Manager	Version 8.1.1
Oracle Communications Session Route Manager	Version 8.2.0
Oracle Communications Session Route Manager	Version 8.2.1
Oracle Enterprise Manager Ops Center	Version 12.3.3
Oracle Enterprise Manager Ops Center	Version 12.4.0
Oracle Http Server	Version 12.2.1.4.0
Oracle Instantis Enterprisetrack	From 17.1 to 17.3
Oracle Retail Xstore Point Of Service	Version 7.1

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (34)

https://access.redhat.com/errata/RHSA-2019:4126

Source: security@apache.org

Third Party Advisory

https://httpd.apache.org/security/vulnerabilities_24.html

Source: security@apache.org

Vendor Advisory

https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://www.oracle.com/security-alerts/cpuapr2020.html

Source: security@apache.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Source: security@apache.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Source: security@apache.org

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Source: security@apache.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4126

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://httpd.apache.org/security/vulnerabilities_24.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.oracle.com/security-alerts/cpuapr2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.