nuclei-templates/http/cves/2019/CVE-2019-10092.yaml

44 lines
2.2 KiB
YAML

id: CVE-2019-10092
info:
name: Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting
author: pdteam
severity: medium
description: Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious HTML code or execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
remediation: |
Upgrade to Apache HTTP Server version 2.4.40 or later, which includes a fix for this vulnerability.
reference:
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-10092
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2019-10092
cwe-id: CWE-79
epss-score: 0.07116
epss-percentile: 0.93987
cpe: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: apache
product: http_server
shodan-query:
- cpe:"cpe:2.3:a:apache:http_server"
- apache 2.4.49
tags: cve,cve2019,apache,htmli,injection
http:
- method: GET
path:
- '{{BaseURL}}/%5cgoogle.com/evil.html'
matchers:
- type: word
words:
- "<a href=\"/\\google.com/evil.html\">"
# digest: 4a0a00473045022100bfe2eb7f8a4f95d91a420f7ad97b449eb4a6d0f5943939f24271168a88e3a48102202e82f70bff457ab6443cf8b75fcd733564ec1223feacb6d86ba85e98c95a4fc2:922c64590222798bb761d5b6d8e72950