Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Titleapache2 security update
Informations
NameDSA-4509First vendor Publication2019-08-26
VendorDebianLast vendor Modification2019-10-15
Severity (Vendor) N/ARevision3

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score7.8Attack RangeNetwork
Cvss Impact Score6.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

It was reported that the apache2 update released as DSA 4509-1 incorrectly fixed CVE-2019-10092. Updated apache2 packages are now available to correct this issue. For reference, the relevant part of the original advisory text follows.

CVE-2019-10092

Matei "Mal" Badanoiu reported a limited cross-site scripting vulnerability in the mod_proxy error page.

For the oldstable distribution (stretch), this problem has been fixed in version 2.4.25-3+deb9u9.

For the stable distribution (buster), this problem has been fixed in version 2.4.38-3+deb10u3.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2

Original Source

Url : http://www.debian.org/security/2019/dsa-4509

CWE : Common Weakness Enumeration

%idName
33 %CWE-400Uncontrolled Resource Consumption ('Resource Exhaustion')
33 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
33 %CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application35
Application41
Application11
Os20
Os39
Os2

Alert History

If you want to see full details history, please login or register.
0
1
2
3
DateInformations
2019-10-16 00:18:39
  • Multiple Updates
2019-10-03 00:18:48
  • Multiple Updates
2019-10-01 01:13:16
  • Multiple Updates
2019-08-27 00:18:56
  • First insertion