CVE-2019-10097 in Apache and Oracle Products
Published on September 26, 2019

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.

Vendor Advisory NVD

Products Associated with CVE-2019-10097

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-10097 are published in these products:

Apache HTTP Server

Oracle Communications Element Manager

Oracle Communications Session Report Manager

Oracle Communications Session Route Manager

Oracle Enterprise Manager Ops Center

Oracle Retail Xstore Point Of Service

Oracle Instantis Enterprisetrack

Oracle Http Server

Exploit Probability

EPSS

26.14%

Percentile

96.18%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-10097 in Apache and Oracle ProductsPublished on September 26, 2019

Products Associated with CVE-2019-10097

Exploit Probability

CVE-2019-10097 in Apache and Oracle Products
Published on September 26, 2019