CVE-2019-10098

Medium

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by…

apache·CWE-601·Published 2019-09-25

CVSS

6.1

EPSS

0.74

KEV

Exploits

cve.orgen

220 chars

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

NVDen

220 chars

NVDes

281 chars

En el servidor HTTP Apache versiones 2.4.0 hasta 2.4.39, los Redireccionamientos configurados con mod_rewrite que fueron previstos a estar auto referenciados podrían ser engañados por nuevas líneas codificadas y redireccionadas a una URL inesperada dentro de la URL de la petición.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N
3.1	Primary	NVD	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N