Apache HTTP Server mod_remoteip Stack Buffer Overflow Vulnerability

By GIXnews


A vulnerability in the mod_remoteip module of the Apache HTTP Server could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to a stack buffer overflow or NULL pointer dereference that could occur when the affected software processes user-supplied input while the mod_remoteip module is configured to use a trusted intermediary proxy server. An attacker could exploit this vulnerability by sending a request that submits a malicious PROXY header to a proxy server that is trusted by the targeted system. A successful exploit could cause a stack buffer overflow or NULL pointer dereference that the attacker could use to execute arbitrary code or cause a DoS condition.

Apache has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-10097

Source: Cisco Multivendor Vulnerability Alerts