In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 03:02
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-09-26 16:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-10097
Mitre link : CVE-2019-10097
CVE.ORG link : CVE-2019-10097
JSON object : View
Products Affected
oracle
- communications_session_route_manager
- http_server
- retail_xstore_point_of_service
- communications_session_report_manager
- communications_element_manager
- enterprise_manager_ops_center
- instantis_enterprisetrack
apache
- http_server