Bug 1743956 (CVE-2019-10092) - CVE-2019-10092 httpd: limited cross-site scripting in mod_proxy error page
Summary: CVE-2019-10092 httpd: limited cross-site scripting in mod_proxy error page
Status: NEW
Alias: CVE-2019-10092
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1747280 1747281 1747282 1743957
Blocks: 1744000
Reported: 2019-08-21 05:05 UTC by Dhananjay Arunesh
Modified: 2019-11-20 04:09 UTC (History)

Fixed In Version: httpd 2.4.41
Doc Type: If docs needed, set a value
Doc Text:
A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.
Clone Of:
Last Closed:


Description Dhananjay Arunesh 2019-08-21 05:05:41 UTC
A limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

Comment 1 Dhananjay Arunesh 2019-08-21 05:06:00 UTC
Created httpd tracking bugs for this issue:

Affects: fedora-all [bug 1743957]

Comment 2 Dhananjay Arunesh 2019-08-21 06:25:28 UTC
External References:


Comment 4 Joshua Padman 2019-08-28 12:16:17 UTC
This vulnerability is out of security support scope for the following product:
 * Red Hat JBoss Web Server 3 
 * Red Hat JBoss Enterprise Web Server 2

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

Comment 6 Doran Moppert 2019-08-30 04:05:47 UTC

This flaw is only exploitable if mod_proxy is in use

Comment 8 Doran Moppert 2019-09-04 03:31:35 UTC

This flaw is only exploitable if Proxy* directives are used in Apache httpd configuration.  The following command can be used to search for possible vulnerable configurations:

    grep -R '^\s*Proxy' /etc/httpd/

See https://httpd.apache.org/docs/2.4/mod/mod_proxy.html
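An added example, not part of the bug report or of the httpd project, that extends the grep above into a small exposure check for this flaw: it reports whether mod_proxy is loaded, whether uncommented Proxy* directives exist, and whether the httpd version predates the fixed 2.4.41. The configuration directory, version string and the sample config tree it builds are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the bug report or httpd). Exposure check for
# CVE-2019-10092: mod_proxy loaded + active Proxy* directives + version < 2.4.41.
# Directory paths and the sample configuration below are constructed.

# List uncommented Proxy* directives as file:line:text under a config directory.
find_proxy_directives() {
    # [[:space:]] instead of \s keeps the pattern portable; '#' lines never match.
    grep -R -n -E '^[[:space:]]*Proxy[A-Za-z]+' "$1" 2>/dev/null
}

# Succeed (exit 0) if an uncommented LoadModule line loads proxy_module.
proxy_module_loaded() {
    grep -R -q -E '^[[:space:]]*LoadModule[[:space:]]+proxy_module' "$1" 2>/dev/null
}

# Succeed if a version string such as "2.4.37" is older than 2.4.41 (the fix).
version_before_fix() {
    echo "$1" | awk -F. '{ old = ($1 < 2 || ($1 == 2 && ($2 < 4 || ($2 == 4 && $3 < 41)))); exit old ? 0 : 1 }'
}

# Combined check: succeed only when all three conditions hold, i.e. the
# configuration could display the affected mod_proxy error page.
cve_2019_10092_exposed() {
    dir=$1; version=$2
    version_before_fix "$version" || return 1
    proxy_module_loaded "$dir" || return 1
    directives=$(find_proxy_directives "$dir") || return 1
    printf 'httpd %s with mod_proxy loaded; active Proxy* directives:\n%s\n' "$version" "$directives"
}

# Build a constructed sample config tree (stand-in for /etc/httpd) and print its path.
# One ProxyPass is commented out and must not be reported; the indented one must be.
make_sample_config() {
    dir=$(mktemp -d)
    mkdir -p "$dir/conf.modules.d" "$dir/conf.d"
    echo 'LoadModule proxy_module modules/mod_proxy.so' > "$dir/conf.modules.d/00-proxy.conf"
    printf '# ProxyPass "/old" "http://127.0.0.1:8080/"\n  ProxyPass "/app" "http://127.0.0.1:8080/"\n' > "$dir/conf.d/app.conf"
    echo "$dir"
}

if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample_config)
    cve_2019_10092_exposed "$sample" 2.4.37 && echo "exposed" || echo "not exposed"
    rm -rf "$sample"
fi
```

Run with `--demo` to exercise it against the constructed tree, or call `cve_2019_10092_exposed /etc/httpd "$(httpd -v | sed -n 's/.*Apache\/\([0-9.]*\).*/\1/p')"` on a real host.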
