Apache – CVE-2019-10098

Description

Kayran has detected that the version of Apache HTTP Server being used is vulnerable to Phishing
attacks and client-side attacks on browsers. Also known as CVE-2019-10098.

in mod_rewrite, certain self-referential mod_rewrite rules could be fooled by encoded newlines.
That will cause them to redirect users to an unexpected URL within the URL found in the request.

Severity/Score

CVSS Version 3.x – 6.1 Medium

Recommendation

To fix CVE-2019-10098, upgrade the version of Apache Server being used to 2.4.41.

References

https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098

https://cwe.mitre.org/data/definitions/601.html

< Return to all Vulnerabilities

Red Team

You’ve probably heard that there are teams in the Cyber field called Red Team and Blue Team. Let’s talk about the red one, shall we?

Read More »

Servers 101

Let’s have a “quick” Servers 101 Course. Courtesy of Kayran! If you’ve been on the internet for over an hour, you probably already heard of

Read More »