Search for vulnerabilities
Vulnerability details: VCID-ncxa-2sp4-aaam
Vulnerability ID VCID-ncxa-2sp4-aaam
Aliases CVE-2019-10092
Summary In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
Status Published
Exploitability 2.0
Weighted Severity 7.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10092.html
rhas Moderate https://access.redhat.com/errata/RHSA-2020:1336
rhas Moderate https://access.redhat.com/errata/RHSA-2020:1337
rhas Moderate https://access.redhat.com/errata/RHSA-2020:4751
cvssv3 4.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10092.json
epss 0.02387 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.02387 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.02387 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.04018 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.08142 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.08142 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.08142 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.08142 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.08142 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.08142 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.08142 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.08142 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.08142 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.08142 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.08142 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8299 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8299 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.83034 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.83034 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.83034 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.83034 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.83034 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.8415 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
epss 0.89229 https://api.first.org/data/v1/epss?cve=CVE-2019-10092
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1743956
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
cvssv3 7.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
apache_httpd low https://httpd.apache.org/security/json/CVE-2019-10092.json
cvssv3.1 7.5 https://httpd.apache.org/security/vulnerabilities_24.html
generic_textual HIGH https://httpd.apache.org/security/vulnerabilities_24.html
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-10092
cvssv3 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-10092
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-10092
generic_textual Medium https://ubuntu.com/security/notices/USN-4113-1
generic_textual Low https://usn.ubuntu.com/usn/usn-4113-1
generic_textual Low https://www.openwall.com/lists/oss-security/2019/08/15/4
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpuapr2020.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpuapr2020.html
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpujan2020.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpujan2020.html
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpujul2020.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpujul2020.html
cvssv3.1 9.8 https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
generic_textual CRITICAL https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10092.html
https://access.redhat.com/errata/RHSA-2019:4126
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10092.json
https://api.first.org/data/v1/epss?cve=CVE-2019-10092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94@%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/
https://seclists.org/bugtraq/2019/Aug/47
https://seclists.org/bugtraq/2019/Oct/24
https://security.gentoo.org/glsa/201909-04
https://security.netapp.com/advisory/ntap-20190905-0003/
https://support.f5.com/csp/article/K30442259
https://ubuntu.com/security/notices/USN-4113-1
https://usn.ubuntu.com/4113-1/
https://usn.ubuntu.com/usn/usn-4113-1
https://www.debian.org/security/2019/dsa-4509
https://www.openwall.com/lists/oss-security/2019/08/15/4
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
http://www.openwall.com/lists/oss-security/2019/08/15/4
http://www.openwall.com/lists/oss-security/2020/08/08/1
http://www.openwall.com/lists/oss-security/2020/08/08/9
1743956 https://bugzilla.redhat.com/show_bug.cgi?id=1743956
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collection:1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collection:1.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*
cpe:2.3:o:netapp:clustered_data_ontap:9.6:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:-:*:*:*:*:*:*
cpe:2.3:o:netapp:clustered_data_ontap:9.6:p1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p1:*:*:*:*:*:*
cpe:2.3:o:netapp:clustered_data_ontap:9.6:p3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p3:*:*:*:*:*:*
cpe:2.3:o:netapp:clustered_data_ontap:9.6:p4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p4:*:*:*:*:*:*
cpe:2.3:o:netapp:clustered_data_ontap:9.6:p7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p7:*:*:*:*:*:*
cpe:2.3:o:netapp:clustered_data_ontap:9.6:p8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p8:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
CVE-2019-10092 Exploit https://0day.work/proof-of-concept-for-apache-httpd-limited-cross-site-scripting-in-mod_proxy-error-page-cve-2019-10092/
CVE-2019-10092 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47688.md
CVE-2019-10092 https://httpd.apache.org/security/json/CVE-2019-10092.json
CVE-2019-10092 https://nvd.nist.gov/vuln/detail/CVE-2019-10092
RHSA-2020:1336 https://access.redhat.com/errata/RHSA-2020:1336
RHSA-2020:1337 https://access.redhat.com/errata/RHSA-2020:1337
RHSA-2020:4751 https://access.redhat.com/errata/RHSA-2020:4751
Data source Exploit-DB
Date added Nov. 19, 2019
Description Apache Httpd mod_proxy - Error Page Cross-Site Scripting
Ransomware campaign use Unknown
Source publication date Oct. 14, 2019
Exploit type webapps
Platform multiple
Source update date Nov. 19, 2019
Source URL https://0day.work/proof-of-concept-for-apache-httpd-limited-cross-site-scripting-in-mod_proxy-error-page-cve-2019-10092/
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10092.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://httpd.apache.org/security/vulnerabilities_24.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-10092
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-10092
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-10092
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuapr2020.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujan2020.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujul2020.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.89562
EPSS Score 0.02387
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.