2019-09-26 18:15:10 2019-10-01 01:15:13

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Apache Http server 2.4.28 (not an official CPE)
Apache Http server 2.4.27 (not an official CPE)
Apache Http server 2.4.26 (not an official CPE)
Apache Http server 2.4.25 (not an official CPE)
Apache Http server 2.4.24 (not an official CPE)
Apache Http server 2.4.23 (not an official CPE)
Apache Http server 2.4.22 (not an official CPE)
Apache Http server 2.4.21 (not an official CPE)
Apache Http server 2.4.20 (not an official CPE)
Apache Http server 2.4.19 (not an official CPE)
Apache Http server 2.4.18 (not an official CPE)
Apache Http server 2.4.17 (not an official CPE)
Apache Http server 2.4.16 (not an official CPE)
Apache Http server 2.4.14 (not an official CPE)
Apache Software Foundation Apache HTTP Server 2.4.12
Apache Software Foundation Apache HTTP Server 2.4.10
Apache Software Foundation Apache HTTP Server 2.4.9
Apache Software Foundation Apache HTTP Server 2.4.8
Apache Software Foundation Apache HTTP Server 2.4.7
Apache Software Foundation Apache HTTP Server 2.4.6
Apache Http server 2.4.4 (not an official CPE)
Apache Software Foundation Apache HTTP Server 2.4.3
Apache Software Foundation Apache HTTP Server 2.4.2
Apache Software Foundation Apache HTTP Server 2.4.1
Apache Software Foundation Apache HTTP Server 2.4.0
Apache Http server 2.4.29 (not an official CPE)
Apache Http server 2.4.30 (not an official CPE)
Apache Http server 2.4.32 (not an official CPE)
Apache Http server 2.4.33 (not an official CPE)
Apache Http server 2.4.34 (not an official CPE)
Apache Http server 2.4.35 (not an official CPE)
Apache Http server 2.4.36 (not an official CPE)
Apache Http server 2.4.37 (not an official CPE)
Apache Http server 2.4.38 (not an official CPE)
Apache Http server 2.4.39 (not an official CPE)