Launchpad CVE tracker

CVE 2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.

Related bugs and status

CVE-2019-10097 (Candidate) is related to these bugs:

Bug #1840188: Apply fix for CVE-2019-0197 in v2.4.29 in Bionic and Disco

Summary				In	Importance	Status
	1840188	Apply fix for CVE-2019-0197 in v2.4.29 in Bionic and Disco		apache2 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://httpd.apache.o...
MISC: https://www.oracle.com...
REDHAT: RHSA-2019:4126
MLIST: [httpd-cvs] 20200401 s...
MLIST: [httpd-cvs] 20200401 s...
MISC: https://www.oracle.com...
MISC: https://www.oracle.com...
MISC: https://www.oracle.com...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210603 s...
MLIST: [httpd-cvs] 20210606 s...

Launchpad.net

CVE 2019-10097

Related bugs and status

Related bugs

References