nuclei-templates/http/cves/2019/CVE-2019-10092.yaml

41 lines
2.1 KiB
YAML
Raw Normal View History

2021-01-09 14:45:11 +00:00
id: CVE-2019-10092
info:
name: Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting
2021-04-06 06:46:11 +00:00
author: pdteam
2021-01-09 14:45:11 +00:00
severity: medium
description: Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
2023-09-27 15:51:13 +00:00
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious HTML code or execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
2023-09-06 12:53:28 +00:00
remediation: |
Upgrade to Apache HTTP Server version 2.4.40 or later, which includes a fix for this vulnerability.
reference:
2021-03-25 10:02:27 +00:00
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-10092
2023-07-11 19:49:27 +00:00
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2019-10092
cwe-id: CWE-79
epss-score: 0.07116
epss-percentile: 0.9334
2023-09-06 12:53:28 +00:00
cpe: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
metadata:
max-request: 1
2023-07-11 19:49:27 +00:00
vendor: apache
product: http_server
tags: cve,cve2019,apache,htmli,injection
2021-01-09 14:45:11 +00:00
http:
2021-01-09 14:45:11 +00:00
- method: GET
path:
- '{{BaseURL}}/%5cgoogle.com/evil.html'
2023-07-11 19:49:27 +00:00
2021-01-09 14:45:11 +00:00
matchers:
- type: word
words:
Updated all templates tags with technologies (#3478) * Updated tags for template sonicwall-email-security-detect.yaml * Updated tags for template detect-sentry.yaml * Updated tags for template kong-detect.yaml * Updated tags for template openam-detect.yaml * Updated tags for template shiro-detect.yaml * Updated tags for template iplanet-web-server.yaml * Updated tags for template graylog-api-browser.yaml * Updated tags for template prtg-detect.yaml * Updated tags for template node-red-detect.yaml * Updated tags for template abyss-web-server.yaml * Updated tags for template geo-webserver.yaml * Updated tags for template autobahn-python-detect.yaml * Updated tags for template default-lighttpd-page.yaml * Updated tags for template microsoft-iis-8.yaml * Updated tags for template lucee-detect.yaml * Updated tags for template php-proxy-detect.yaml * Updated tags for template jenkins-detect.yaml * Updated tags for template cockpit-detect.yaml * Updated tags for template csrfguard-detect.yaml * Updated tags for template dwr-index-detect.yaml * Updated tags for template netsweeper-webadmin-detect.yaml * Updated tags for template weblogic-detect.yaml * Updated tags for template s3-detect.yaml * Updated tags for template tileserver-gl.yaml * Updated tags for template springboot-actuator.yaml * Updated tags for template terraform-detect.yaml * Updated tags for template redmine-cli-detect.yaml * Updated tags for template mrtg-detect.yaml * Updated tags for template tableau-server-detect.yaml * Updated tags for template magmi-detect.yaml * Updated tags for template oidc-detect.yaml * Updated tags for template tor-socks-proxy.yaml * Updated tags for template synology-web-station.yaml * Updated tags for template herokuapp-detect.yaml * Updated tags for template gunicorn-detect.yaml * Updated tags for template sql-server-reporting.yaml * Updated tags for template google-bucket-service.yaml * Updated tags for template kubernetes-mirantis.yaml * Updated tags for template kubernetes-enterprise-manager.yaml * Updated tags for template oracle-iplanet-web-server.yaml * Updated tags for template dell-idrac7-detect.yaml * Updated tags for template dell-idrac6-detect.yaml * Updated tags for template dell-idrac9-detect.yaml * Updated tags for template dell-idrac8-detect.yaml * Updated tags for template apache-guacamole.yaml * Updated tags for template aws-cloudfront-service.yaml * Updated tags for template aws-bucket-service.yaml * Updated tags for template nginx-linux-page.yaml * Updated tags for template telerik-fileupload-detect.yaml * Updated tags for template telerik-dialoghandler-detect.yaml * Updated tags for template htaccess-config.yaml * Updated tags for template microsoft-azure-error.yaml * Updated tags for template detect-options-method.yaml * Updated tags for template unpatched-coldfusion.yaml * Updated tags for template moodle-changelog.yaml * Updated tags for template detect-dns-over-https.yaml * Updated tags for template CVE-2019-19134.yaml * Updated tags for template CVE-2019-3929.yaml * Updated tags for template CVE-2019-19908.yaml * Updated tags for template CVE-2019-10475.yaml * Updated tags for template CVE-2019-17382.yaml * Updated tags for template CVE-2019-16332.yaml * Updated tags for template CVE-2019-14974.yaml * Updated tags for template CVE-2019-19368.yaml * Updated tags for template CVE-2019-12725.yaml * Updated tags for template CVE-2019-15501.yaml * Updated tags for template CVE-2019-9733.yaml * Updated tags for template CVE-2019-14322.yaml * Updated tags for template CVE-2019-9955.yaml * Updated tags for template CVE-2019-0230.yaml * Updated tags for template CVE-2019-10232.yaml * Updated tags for template CVE-2019-17506.yaml * Updated tags for template CVE-2019-8449.yaml * Updated tags for template CVE-2019-12593.yaml * Updated tags for template CVE-2019-10092.yaml * Updated tags for template CVE-2019-1821.yaml * Updated tags for template CVE-2019-3401.yaml * Updated tags for template CVE-2019-16662.yaml * Updated tags for template CVE-2019-5418.yaml * Updated tags for template CVE-2016-4975.yaml * Updated tags for template CVE-2016-1000137.yaml * Updated tags for template CVE-2016-7552.yaml * Updated tags for template CVE-2016-10956.yaml * Updated tags for template CVE-2016-1000146.yaml * Updated tags for template CVE-2013-2251.yaml * Updated tags for template CVE-2013-1965.yaml * Updated tags for template CVE-2014-2323.yaml * Updated tags for template CVE-2014-5111.yaml * Updated tags for template CVE-2014-2962.yaml * Updated tags for template CVE-2014-4561.yaml * Updated tags for template CVE-2014-4558.yaml * Updated tags for template CVE-2014-3120.yaml * Updated tags for template CVE-2007-5728.yaml * Updated tags for template CVE-2009-4679.yaml * Updated tags for template CVE-2009-1558.yaml * Updated tags for template CVE-2009-4202.yaml * Updated tags for template CVE-2009-0932.yaml * Updated tags for template CVE-2015-2068.yaml * Updated tags for template CVE-2015-8813.yaml * Updated tags for template CVE-2015-7450.yaml * Updated tags for template CVE-2015-2067.yaml * Updated tags for template CVE-2015-3306.yaml * Updated tags for template CVE-2015-3337.yaml * Updated tags for template CVE-2015-1427.yaml * Updated tags for template CVE-2015-1503.yaml * Updated tags for template CVE-2015-1880.yaml * Updated tags for template CVE-2018-3810.yaml * Updated tags for template CVE-2018-18069.yaml * Updated tags for template CVE-2018-17246.yaml * Updated tags for template CVE-2018-10141.yaml * Updated tags for template CVE-2018-16341.yaml * Updated tags for template CVE-2018-18777.yaml * Updated tags for template CVE-2018-15138.yaml * Updated tags for template CVE-2018-11784.yaml * Updated tags for template CVE-2018-16299.yaml * Updated tags for template CVE-2018-7251.yaml * Updated tags for template CVE-2018-1273.yaml * Updated tags for template CVE-2018-1271.yaml * Updated tags for template CVE-2018-11759.yaml * Updated tags for template CVE-2018-3167.yaml * Updated tags for template CVE-2018-7490.yaml * Updated tags for template CVE-2018-2628.yaml * Updated tags for template CVE-2018-13380.yaml * Updated tags for template CVE-2018-2893.yaml * Updated tags for template CVE-2018-5316.yaml * Updated tags for template CVE-2018-20985.yaml * Updated tags for template CVE-2018-10818.yaml * Updated tags for template CVE-2018-1000861.yaml * Updated tags for template CVE-2018-0296.yaml * Updated tags for template CVE-2018-19458.yaml * Updated tags for template CVE-2018-3760.yaml * Updated tags for template CVE-2018-12998.yaml * Updated tags for template CVE-2018-9118.yaml * Updated tags for template CVE-2018-1000130.yaml * Updated tags for template CVE-2008-6668.yaml * Updated tags for template CVE-2017-7269.yaml * Updated tags for template CVE-2017-1000170.yaml * Updated tags for template CVE-2017-16877.yaml * Updated tags for template CVE-2017-1000486.yaml * Updated tags for template CVE-2017-9822.yaml * Updated tags for template CVE-2017-0929.yaml * Updated tags for template CVE-2017-7921.yaml * Updated tags for template CVE-2017-14535.yaml * Updated tags for template CVE-2017-5521.yaml * Updated tags for template CVE-2017-12637.yaml * Updated tags for template CVE-2017-12635.yaml * Updated tags for template CVE-2017-11610.yaml * Updated tags for template CVE-2021-20114.yaml * Updated tags for template CVE-2021-40856.yaml * Updated tags for template CVE-2021-21972.yaml * Updated tags for template CVE-2021-31602.yaml * Updated tags for template CVE-2021-41773.yaml * Updated tags for template CVE-2021-37704.yaml * Updated tags for template CVE-2021-45046.yaml * Updated tags for template CVE-2021-26084.yaml * Updated tags for template CVE-2021-27931.yaml * Updated tags for template CVE-2021-24291.yaml * Updated tags for template CVE-2021-41648.yaml * Updated tags for template CVE-2021-37216.yaml * Updated tags for template CVE-2021-22005.yaml * Updated tags for template CVE-2021-37573.yaml * Updated tags for template CVE-2021-31755.yaml * Updated tags for template CVE-2021-43287.yaml * Updated tags for template CVE-2021-24274.yaml * Updated tags for template CVE-2021-33564.yaml * Updated tags for template CVE-2021-22145.yaml * Updated tags for template CVE-2021-24237.yaml * Updated tags for template CVE-2021-44848.yaml * Updated tags for template CVE-2021-25646.yaml * Updated tags for template CVE-2021-21816.yaml * Updated tags for template CVE-2021-41649.yaml * Updated tags for template CVE-2021-41291.yaml * Updated tags for template CVE-2021-41293.yaml * Updated tags for template CVE-2021-21801.yaml * Updated tags for template CVE-2021-29156.yaml * Updated tags for template CVE-2021-34370.yaml * Updated tags for template CVE-2021-27132.yaml * Updated tags for template CVE-2021-28151.yaml * Updated tags for template CVE-2021-26812.yaml * Updated tags for template CVE-2021-21985.yaml * Updated tags for template CVE-2021-43778.yaml * Updated tags for template CVE-2021-25281.yaml * Updated tags for template CVE-2021-40539.yaml * Updated tags for template CVE-2021-36749.yaml * Updated tags for template CVE-2021-21234.yaml * Updated tags for template CVE-2021-33221.yaml * Updated tags for template CVE-2021-42013.yaml * Updated tags for template CVE-2021-33807.yaml * Updated tags for template CVE-2021-44228.yaml * Updated tags for template CVE-2012-0896.yaml * Updated tags for template CVE-2012-0991.yaml * Updated tags for template CVE-2012-0392.yaml * Updated tags for template CVE-2012-4940.yaml * Updated tags for template CVE-2012-1226.yaml * Updated tags for template CVE-2012-4878.yaml * Updated tags for template CVE-2010-1304.yaml * Updated tags for template CVE-2010-1217.yaml * Updated tags for template CVE-2010-0759.yaml * Updated tags for template CVE-2010-2307.yaml * Updated tags for template CVE-2010-4231.yaml * Updated tags for template CVE-2010-2861.yaml * Updated tags for template CVE-2010-4282.yaml * Updated tags for template CVE-2010-1302.yaml * Updated tags for template CVE-2010-1461.yaml * Updated tags for template CVE-2020-4463.yaml * Updated tags for template CVE-2020-1943.yaml * Updated tags for template CVE-2020-36289.yaml * Updated tags for template CVE-2020-17518.yaml * Updated tags for template CVE-2020-12800.yaml * Updated tags for template CVE-2020-10770.yaml * Updated tags for template CVE-2020-17506.yaml * Updated tags for template CVE-2020-11547.yaml * Updated tags for template CVE-2020-11034.yaml * Updated tags for template CVE-2020-24589.yaml * Updated tags for template CVE-2020-9054.yaml * Updated tags for template CVE-2020-28976.yaml * Updated tags for template CVE-2020-16952.yaml * Updated tags for template CVE-2020-24312.yaml * Updated tags for template CVE-2020-8512.yaml * Updated tags for template CVE-2020-14179.yaml * Updated tags for template CVE-2020-6308.yaml * Updated tags for template CVE-2020-35846.yaml * Updated tags for template CVE-2020-7318.yaml * Updated tags for template CVE-2020-2140.yaml * Updated tags for template CVE-2020-5410.yaml * Updated tags for template CVE-2020-5777.yaml * Updated tags for template CVE-2020-13700.yaml * Updated tags for template CVE-2020-5775.yaml * Updated tags for template CVE-2020-13167.yaml * Updated tags for template CVE-2020-35848.yaml * Updated tags for template CVE-2020-9484.yaml * Updated tags for template CVE-2020-15505.yaml * Updated tags for template CVE-2020-9047.yaml * Updated tags for template CVE-2020-17519.yaml * Updated tags for template CVE-2020-17505.yaml * Updated tags for template CVE-2020-9376.yaml * Updated tags for template CVE-2020-8497.yaml * Updated tags for template CVE-2020-14092.yaml * Updated tags for template CVE-2020-10148.yaml * Updated tags for template CVE-2020-35847.yaml * Updated tags for template CVE-2020-12116.yaml * Updated tags for template CVE-2020-11930.yaml * Updated tags for template CVE-2020-24186.yaml * Updated tags for template CVE-2020-9496.yaml * Updated tags for template CVE-2020-35489.yaml * Updated tags for template CVE-2020-26413.yaml * Updated tags for template CVE-2020-2096.yaml * misc updates * misc update * more updates Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-04 19:34:16 +00:00
- "<a href=\"/\\google.com/evil.html\">"
# digest: 4b0a00483046022100cf7b74757369fdca2726f4be8043d410911a61a6ff57c674a2fdea6db7e5ff72022100b31692e88e01fa8ac9c6e6ade337723ae79cab3ee421101a31b483f51497a1b2:922c64590222798bb761d5b6d8e72950