A vulnerability was discovered in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers.

Mitigation

This flaw requires the use of certain Rewrite configuration directives. The following command can be used to search for possible vulnerable configurations:

grep -R &#x27;^\s*Rewrite&#x27; /etc/httpd/

See <https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html>

References

bugzilla.redhat.com/show_bug.cgi?id=1743959

httpd.apache.org/security/vulnerabilities_24.html

nvd.nist.gov/vuln/detail/CVE-2019-10098

www.cve.org/CVERecord?id=CVE-2019-10098

nvd 1

osv 5

cve 1

ubuntucve 1

debiancve 1

nuclei 1

prion 1

nessus 45

zdt 1

cvelist 1

f5 1

httpd 1

alpinelinux 1

veracode 1

debian 3

openvas 22

redhat 5

ibm 17

archlinux 1

fedora 4

freebsd 2

amazon 2

photon 6

centos 1

kaspersky 1

mageia 1

slackware 1

suse 1

gentoo 1

oraclelinux 2

ubuntu 2

almalinux 1

rocky 1

symantec 1

oracle 4

nvd

CVE-2019-10098

2019-09-25 17:15:10

osv

CVE-2019-10098

2019-09-25 17:15:10

apache2 - security update

2019-08-28 00:00:00

apache2 - security update

2019-08-26 00:00:00

cve

CVE-2019-10098

2019-09-25 17:15:10

ubuntucve

CVE-2019-10098

2019-08-14 00:00:00

debiancve

CVE-2019-10098

2019-09-25 17:15:10

nuclei

Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect

2023-06-14 17:14:42

prion

Code injection

2019-09-25 17:15:00

nessus

F5 Networks BIG-IP : Apache HTTPD vulnerability (K25126370)

2021-07-08 00:00:00

EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-1370)

2020-04-02 00:00:00

RHEL 6 / 7 : httpd24-httpd and httpd24-mod_md (RHSA-2020:2263)

2023-01-23 00:00:00

zdt

Apache Httpd mod_rewrite - Open Redirects Vulnerability

2019-11-19 00:00:00

cvelist

CVE-2019-10098

2019-09-25 16:39:23

K25126370 : Apache HTTPD vulnerability CVE-2019-10098

2019-09-17 00:00:00

httpd

Apache Httpd < 2.4.41 : mod_rewrite potential open redirect

2019-03-26 00:00:00

alpinelinux

CVE-2019-10098

2019-09-25 17:15:10

veracode

Open Redirects

2020-05-27 03:19:07

debian

[SECURITY] [DLA 1900-1] apache2 security update

2019-08-28 22:39:55

[SECURITY] [DSA 4509-1] apache2 security update

2019-08-26 19:52:07

[SECURITY] [DSA 4509-1] apache2 security update

2019-08-26 19:52:07

openvas

Debian: Security Advisory (DLA-1900-1)

2019-08-29 00:00:00

Apache HTTP Server 2.4.0 - 2.4.40 Multiple Vulnerabilities - Linux

2019-10-18 00:00:00

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-2691)

2020-01-23 00:00:00

redhat

(RHSA-2020:2263) Moderate: httpd24-httpd and httpd24-mod_md security and enhancement update

2020-05-26 07:28:44

(RHSA-2020:3958) Moderate: httpd security, bug fix, and enhancement update

2020-09-29 07:46:42

(RHSA-2020:1336) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update

2020-04-06 19:02:18

ibm

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2019-10092, CVE-2019-10098)

2019-10-08 19:24:20

Security Bulletin: Vulnerabilities in Apache HTTP CVE-2019-10098 and CVE-2020-1927.

2021-09-22 23:38:15

Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities

2020-02-27 10:36:45

archlinux

[ASA-202004-14] apache: multiple issues

2020-04-15 00:00:00

fedora

[SECURITY] Fedora 29 Update: httpd-2.4.41-1.fc29

2019-09-30 01:39:18

[SECURITY] Fedora 30 Update: mod_md-2.0.8-2.fc30

2019-08-23 01:27:58

[SECURITY] Fedora 30 Update: httpd-2.4.41-1.fc30

2019-08-23 01:27:58

freebsd

Apache -- Multiple vulnerabilities

2020-04-01 00:00:00

Apache -- Multiple vulnerabilities

2019-08-14 00:00:00

amazon

Medium: httpd

2019-10-28 17:42:00

Medium: httpd24

2019-10-18 23:22:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0253

2019-10-15 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0178

2019-10-03 00:00:00

Critical Photon OS Security Update - PHSA-2019-0253

2019-10-15 00:00:00

centos

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

2020-10-20 18:13:33

kaspersky

KLA12366 Multiple vulnerabilities in Apache HTTP Server

2019-08-14 00:00:00

mageia

Updated apache packages fix security vulnerabilities

2019-12-25 22:08:41

slackware

[slackware-security] httpd

2020-03-31 19:45:57

suse

Security update for apache2 (important)

2019-09-02 00:00:00

gentoo

Apache: Multiple vulnerabilities

2019-09-06 00:00:00

oraclelinux

httpd security, bug fix, and enhancement update

2020-10-06 00:00:00

httpd:2.4 security, bug fix, and enhancement update

2020-11-10 00:00:00

ubuntu

Apache HTTP Server regression

2019-09-17 00:00:00

Apache HTTP Server vulnerabilities

2019-08-29 00:00:00

almalinux

Moderate: httpd:2.4 security, bug fix, and enhancement update

2020-11-03 12:33:02

rocky

httpd:2.4 security, bug fix, and enhancement update

2020-11-03 12:33:02

symantec

Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020

2020-06-12 20:41:37

oracle

Oracle Critical Patch Update Advisory - October 2019

2020-01-22 00:00:00

Oracle Critical Patch Update Advisory - January 2020

2020-01-14 00:00:00

Oracle Critical Patch Update Advisory - April 2021

2021-04-20 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.144 Low

EPSS

Percentile

95.8%

JSON

Related for RH:CVE-2019-10098