vulnerability

CentOS Linux: CVE-2019-10092: Moderate: httpd:2.4 security, bug fix, and enhancement update (CESA-2020:4751)

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Sep 26, 2019
Added
Nov 5, 2020
Modified
May 25, 2023

Description

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

Solution(s)

centos-upgrade-httpdcentos-upgrade-httpd-debuginfocentos-upgrade-httpd-debugsourcecentos-upgrade-httpd-develcentos-upgrade-httpd-filesystemcentos-upgrade-httpd-manualcentos-upgrade-httpd-toolscentos-upgrade-httpd-tools-debuginfocentos-upgrade-mod_http2centos-upgrade-mod_http2-debuginfocentos-upgrade-mod_http2-debugsourcecentos-upgrade-mod_ldapcentos-upgrade-mod_ldap-debuginfocentos-upgrade-mod_mdcentos-upgrade-mod_md-debuginfocentos-upgrade-mod_md-debugsourcecentos-upgrade-mod_proxy_htmlcentos-upgrade-mod_proxy_html-debuginfocentos-upgrade-mod_sessioncentos-upgrade-mod_session-debuginfocentos-upgrade-mod_sslcentos-upgrade-mod_ssl-debuginfo
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.