Description

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.

Remediation

References

CVE-2019-10097

Related Vulnerabilities

Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-7861)

Atlassian Jira Improper Authentication Vulnerability (CVE-2021-39119)

PHP Improper Input Validation Vulnerability (CVE-2008-3660)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0005)

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2071)

Severity

High

Classification

CVE-2019-10097 CWE-476 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities