What is CVE-2019-10092?

CVE-2019-10092 is a vulnerability in Apache Http Server. Published 2019-09-26.

Is CVE-2019-10092 known to be exploited?

28 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Http Server

CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This…

EPSS: 0.824 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a Apache Http Server — versions 2.4.0 to 2.4.39

Public proof-of-concept exploits

References

[httpd-announce] 20190814 CVE-2019-10092: Limited cross-site scripting in mod_proxy (mailing-list, x_refsource_MLIST)
[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (mailing-list, x_refsource_MLIST)
[oss-security] 20190814 CVE-2019-10092: Limited cross-site scripting in mod_proxy (mailing-list, x_refsource_MLIST)
FEDORA-2019-099575a123 (vendor-advisory, x_refsource_FEDORA)
DSA-4509 (vendor-advisory, x_refsource_DEBIAN)
20190826 [SECURITY] [DSA 4509-1] apache2 security update (mailing-list, x_refsource_BUGTRAQ)
[debian-lts-announce] 20190828 [SECURITY] [DLA 1900-1] apache2 security update (mailing-list, x_refsource_MLIST)
USN-4113-1 (vendor-advisory, x_refsource_UBUNTU)
openSUSE-SU-2019:2051 (vendor-advisory, x_refsource_SUSE)
security.netapp.com/advisory/ntap-20190905-0003/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2019-10092?: CVE-2019-10092 is a vulnerability in Apache Http Server. Published 2019-09-26.
Is CVE-2019-10092 known to be exploited?: 28 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.