Apache HTTP Server mod_proxy Cross-Site Scripting Vulnerability

By GIXnews


A vulnerability in the mod_proxy module of the Apache HTTP Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.

The vulnerability exists in the mod_proxy module error page of the affected software and is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to access a link that submits malicious input to the targeted system. A successful exploit could allow the attacker to execute arbitrary script code or access sensitive information on the targeted system.

Apache has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2019-10092

Source:: Cisco Multivendor Vulnerability Alerts