PT-2019-3477 · Apache+7 · Apache Http Server+7

Publicado

2019-03-26

·

Atualizado

2024-06-15

·

CVE-2019-10098

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Apache HTTP server versions 2.4.0 through 2.4.39
Description The issue is related to the mod rewrite function in the Apache HTTP server, which can be fooled by encoded newlines and redirect to an unexpected URL within the request URL. This can allow an attacker to gain unauthorized access to confidential information or impact the availability of information using a specially crafted URL request.
Recommendations For Apache HTTP server versions 2.4.0 through 2.4.39, consider updating the mod rewrite configuration to prevent self-referential redirects from being fooled by encoded newlines. As a temporary workaround, restrict access to the mod rewrite module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Open Redirect

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601

Identificadores relacionados

ALSA-2020:4751
ALT-PU-2019-2471
ALT-PU-2019-3402
BDU:2019-03652
BDU:2020-01010
CESA-2020_3958
CESA-2020_4751
CVE-2019-10098
DLA-1900-1
DSA-4509-1
DSA-4509-2
MGASA-2019-0407
OPENSUSE-SU-2019:2051-1
OPENSUSE-SU-2019_2051-1
OPENSUSE-SU-2024:10623-1
RHSA-2020:1337
RHSA-2020:2263
RHSA-2020:3958
RHSA-2020:4751
RHSA-2020_3958
RHSA-2020_4751
RLSA-2020:4751
SUSE-SU-2019:2237-1
SUSE-SU-2019:2329-1
USN-4113-1
USN-4113-2

Produtos afetados

Alt Linux
Almalinux
Apache Http Server
Centos
Red Hat
Rocky Linux
Suse
Ubuntu