VDB
DEBIAN-CVE-2019-10092
DEBIAN-CVE-2019-10092
PUBLISHED
CVSS 6.099999904632568 MEDIUM
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
Risk Scores
CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | apache2 | 0, 0, 0 |
| Debian:14 | apache2 | 0, 0, 0 |
| Debian:12 | apache2 | 0, 0, 0 |
| Debian:11 | apache2 | 0, 0, 0 |
Exploit Intelligence
- CVE-2019-10092: Limited Cross-Site Scripting via "Proxy Error" Page in Apache HTTP Server (github-poc-repo)
- CVE-2019-10092: Limited Cross-Site Scripting via "Proxy Error" Page in Apache HTTP Server (github-poc)
- CVE-2019-10092 Docker - Apache HTTP Server (github-poc)
- cve_db.json (github-poc)
- Nuclei Template: CVE-2019-10092 (nuclei-template)
Timeline
- Sep 26, 2019 CVE Published
- Apr 28, 2026 CVE Updated