WEB APPLICATION VULNERABILITIES Standard & Premium

Oracle HTTP Server NULL Pointer Dereference Vulnerability (CVE-2019-10097)

Description

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.

Remediation

References

Related Vulnerabilities

WordPress Plugin WordPress fancyBox Lightbox Cross-Site Scripting (1.0.1)

WordPress Plugin Image News slider 'upload.php' Arbitrary File Upload (3.3)

Dotclear Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-9268)

XWiki Incorrect Authorization Vulnerability (CVE-2023-50732)

WordPress Plugin Attached images title editor Cross-Site Scripting (1.1.1)

Severity

High

Classification

CVE-2019-10097 CWE-476 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities