WEB APPLICATION VULNERABILITIES Standard & Premium

Oracle HTTP Server NULL Pointer Dereference Vulnerability (CVE-2019-10097)

Description

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.

Remediation

References

Related Vulnerabilities

WordPress Plugin LittleBot ACH for Stripe + Plaid Unspecified Vulnerability (1.2.6)

WordPress Plugin Bangla Sidebar Login Cross-Site Scripting (1.0)

WordPress Plugin SMTP Mail Cross-Site Scripting (1.1.14)

Plone CMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-5500)

WordPress Plugin Social Sharing-Social Warfare Multiple Vulnerabilities (3.5.2)

Severity

High

Classification

CVE-2019-10097 CWE-476 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities