CVE-2019-10098 Scanner
Detects 'Open Redirect' vulnerability in Apache HTTP server affects v. 2.4.0 to 2.4.39.
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
1 month
Scan only one
Url
Toolbox
-
The Apache HTTP server is a popular open-source web server software that is widely used to serve websites and web applications. It is a reliable and secure platform that is trusted by millions of websites and servers worldwide. The Apache HTTP server is known for its flexibility, extensibility, and robustness, and is used for a variety of purposes, such as hosting websites, serving static and dynamic content, and implementing web services.
The CVE-2019-10098 vulnerability is a serious security flaw in the Apache HTTP server that affects versions 2.4.0 to 2.4.39. This vulnerability can be exploited by attackers to launch a wide range of attacks, including denial-of-service attacks, cross-site scripting attacks, and arbitrary code execution attacks. The vulnerability is caused by an issue with the mod_rewrite module, which is used to rewrite URLs in the Apache HTTP server.
When exploited, the CVE-2019-10098 vulnerability can lead to serious consequences for websites and web applications. Attackers can use this vulnerability to bypass security controls, gain unauthorized access to sensitive data, and compromise the integrity of the web server. This vulnerability can also be used to launch attacks against the server's users, such as phishing attacks and malware distribution.
At s4e.io, we offer a range of pro features that can help users quickly and easily identify vulnerabilities in their digital assets. Our platform provides real-time vulnerability assessments, comprehensive reporting, and proactive threat intelligence to help users stay one step ahead of potential attackers. With s4e.io, users can rest assured that their digital assets are always protected from the latest security threats.
REFERENCES
- openwall.com: [oss-security] 20200401 CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect
- lists.apache.org: [httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
- lists.apache.org: [httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
- lists.apache.org: [httpd-cvs] 20200420 svn commit: r1876764 - /httpd/httpd/branches/2.4.x/CHANGES
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://httpd.apache.org/security/vulnerabilities_24.html
- lists.apache.org: [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
- lists.apache.org: [httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/
- lists.apache.org: [httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
- lists.apache.org: [httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
- lists.apache.org: [httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/
- lists.apache.org: [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
- lists.apache.org: [httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
- lists.apache.org: [httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
- https://www.oracle.com/security-alerts/cpuApr2021.html