VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-2ps4-mxjg-33fd

Essentials
Severities (17)
References (28)
Severity details (5)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-2ps4-mxjg-33fd
Aliases	CVE-2019-10098
Summary	Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
Status	Published
Exploitability	2.0
Weighted Severity	5.5
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

System	Score	Found at
cvssv3	3.7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10098.json
epss	0.82997	https://api.first.org/data/v1/epss?cve=CVE-2019-10098
epss	0.82997	https://api.first.org/data/v1/epss?cve=CVE-2019-10098
epss	0.84709	https://api.first.org/data/v1/epss?cve=CVE-2019-10098
epss	0.85804	https://api.first.org/data/v1/epss?cve=CVE-2019-10098
epss	0.85804	https://api.first.org/data/v1/epss?cve=CVE-2019-10098
epss	0.85804	https://api.first.org/data/v1/epss?cve=CVE-2019-10098
epss	0.85804	https://api.first.org/data/v1/epss?cve=CVE-2019-10098
epss	0.85804	https://api.first.org/data/v1/epss?cve=CVE-2019-10098
epss	0.87094	https://api.first.org/data/v1/epss?cve=CVE-2019-10098
epss	0.87094	https://api.first.org/data/v1/epss?cve=CVE-2019-10098
epss	0.87094	https://api.first.org/data/v1/epss?cve=CVE-2019-10098
epss	0.87094	https://api.first.org/data/v1/epss?cve=CVE-2019-10098
cvssv3	8.2	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
apache_httpd	low	https://httpd.apache.org/security/json/CVE-2019-10098.json
cvssv2	5.8	https://nvd.nist.gov/vuln/detail/CVE-2019-10098
cvssv3.1	6.1	https://nvd.nist.gov/vuln/detail/CVE-2019-10098

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10098.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-10098
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://httpd.apache.org/security/vulnerabilities_24.html
		https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
		https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E
		https://www.oracle.com/security-alerts/cpuapr2020.html
		https://www.oracle.com/security-alerts/cpuApr2021.html
		https://www.oracle.com/security-alerts/cpujan2020.html
		https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
		http://www.openwall.com/lists/oss-security/2020/04/01/4
1743959		https://bugzilla.redhat.com/show_bug.cgi?id=1743959
cpe:2.3:a:apache:http_server::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
CVE-2019-10098	Exploit	https://0day.work/open-redirects-in-improperly-configured-mod_rewrite-rules-poc-for-cve-2019-10098/
CVE-2019-10098	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47689.md
CVE-2019-10098		https://httpd.apache.org/security/json/CVE-2019-10098.json
CVE-2019-10098		https://nvd.nist.gov/vuln/detail/CVE-2019-10098
RHSA-2020:1336		https://access.redhat.com/errata/RHSA-2020:1336
RHSA-2020:1337		https://access.redhat.com/errata/RHSA-2020:1337
RHSA-2020:2263		https://access.redhat.com/errata/RHSA-2020:2263
RHSA-2020:3958		https://access.redhat.com/errata/RHSA-2020:3958
RHSA-2020:4751		https://access.redhat.com/errata/RHSA-2020:4751
USN-4113-1		https://usn.ubuntu.com/4113-1/

Data source	Exploit-DB
Date added	Nov. 19, 2019
Description	Apache Httpd mod_rewrite - Open Redirects
Ransomware campaign use	Unknown
Source publication date	Oct. 14, 2019
Exploit type	webapps
Platform	multiple
Source update date	Nov. 19, 2019
Source URL	https://0day.work/open-redirects-in-improperly-configured-mod_rewrite-rules-poc-for-cve-2019-10098/

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10098.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-10098

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-10098

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.99211
EPSS Score	0.82997
Published At	Aug. 2, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:29:06.921602+00:00	Apache HTTPD Importer	Import	https://httpd.apache.org/security/json/CVE-2019-10098.json	37.0.0