CVE-2019-10092 Scanner
CVE-2019-10092 scanner - Cross-Site Scripting (XSS) vulnerability in Apache HTTP Server
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 30 seconds
Time Interval: 4 weeks
Scan only one: URL
Toolbox: -
Apache HTTP Server is a popular web server software that is used to deliver websites to end users. It is an open-source, cross-platform tool that is widely used in the industry due to its reliability and flexibility. Apache HTTP Server can be used to host various web applications and provide HTTP services to clients. This server software is extensively used by businesses of all sizes and web developers for managing web servers.
CVE-2019-10092 is a Cross-Site Scripting vulnerability in Apache HTTP Server. It allows an attacker to manipulate the mod_proxy error page so that the link on it is malformed and points to a page of the attacker's choice. The attack is only applicable where the Proxy Error page is misconfigured. An attacker can therefore use this vulnerability to make users believe they are accessing a legitimate website while they are in fact being redirected to a malicious one.
Exploitation of CVE-2019-10092 carries serious consequences that can expose users to different cyber security risks. Through this vulnerability, the attacker can gain unauthorized access to sensitive data, including login credentials, personal information, business secrets, and more. Additionally, users may be prompted to execute malicious scripts, leading to malware installations that can conduct cyber espionage, steal data, or disrupt the normal functioning of a system.
In conclusion, security is a continuous process that requires ongoing vigilance to keep your digital assets protected against evolving threats. With the pro features of the s4e.io platform, individuals and organizations can quickly and easily stay up to date with the latest vulnerabilities in their digital assets and take action to mitigate risks. By leveraging these tools, users can better protect themselves against the CVE-2019-10092 vulnerability and other online threats, ultimately providing a safer and more secure online experience.