CVE-2019-10097 - Apache HTTP Server

Critical 7.2

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.

Affected software

Apache HTTP Server

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.