CVE-2019-10097
26.09.2019, 16:15
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apache | http_server | 2.4.33 |
| apache | http_server | 2.4.34 |
| apache | http_server | 2.4.35 |
| apache | http_server | 2.4.37 |
| apache | http_server | 2.4.38 |
| oracle | communications_element_manager | 8.0.0 |
| oracle | communications_element_manager | 8.1.0 |
| oracle | communications_element_manager | 8.1.1 |
| oracle | communications_element_manager | 8.2.0 |
| oracle | communications_session_report_manager | 8.1.1 |
| oracle | communications_session_report_manager | 8.2.0 |
| oracle | communications_session_report_manager | 8.2.1 |
| oracle | communications_session_route_manager | 8.1.1 |
| oracle | communications_session_route_manager | 8.2.0 |
| oracle | communications_session_route_manager | 8.2.1 |
| oracle | enterprise_manager_ops_center | 12.3.3 |
| oracle | enterprise_manager_ops_center | 12.4.0 |
| oracle | http_server | 12.2.1.4.0 |
| oracle | instantis_enterprisetrack | 17.1 ≤ 𝑥 ≤ 17.3 |
| oracle | retail_xstore_point_of_service | 7.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| apache2 |
| ||||||||||||||||||||||||||||||||||||||||||||
| apache2-devel |
| ||||||||||||||||||||||||||||||||||||||||||||
| apache2-doc |
| ||||||||||||||||||||||||||||||||||||||||||||
| apache2-prefork |
| ||||||||||||||||||||||||||||||||||||||||||||
| apache2-utils |
| ||||||||||||||||||||||||||||||||||||||||||||
| apache2-worker |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| httpd |
| ||
| httpd-debuginfo |
| ||
| httpd-devel |
| ||
| httpd-filesystem |
| ||
| httpd-manual |
| ||
| httpd-tools |
| ||
| httpd24 |
| ||
| httpd24-debuginfo |
| ||
| httpd24-devel |
| ||
| httpd24-manual |
| ||
| httpd24-tools |
| ||
| mod24_ldap |
| ||
| mod24_md |
| ||
| mod24_proxy_html |
| ||
| mod24_session |
| ||
| mod24_ssl |
| ||
| mod_ldap |
| ||
| mod_md |
| ||
| mod_proxy_html |
| ||
| mod_session |
| ||
| mod_ssl |
|
Common Weakness Enumeration
References