Allele Security Alert
ASA-2019-00513
Identifier(s)
ASA-2019-00513, CVE-2019-10098
Title
mod_rewrite potential open redirect
Vendor(s)
The Apache Software Foundation
Product(s)
Apache HTTP Server
Affected version(s)
Apache HTTP Server versions 2.4.0 to 2.4.39
Fixed version(s)
Apache HTTP Server version 2.4.41
Proof of concept
Unknown
Description
Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
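A log-triage sketch for the behaviour described above, added here as an example and not taken from this alert or from the Apache project: it flags requests whose target contained an encoded CR or LF and that were answered with a 3xx status. It assumes Apache's common or combined access log format; the sample lines are constructed, and a match is a lead for review, not proof of an open redirect.

```python
import re

# Apache common/combined prefix: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Encoded CR or LF, including double-encoded forms such as %250a
ENC_NEWLINE_RE = re.compile(r'%(?:25)*0[ad]', re.IGNORECASE)

# Constructed sample lines (documentation address ranges), not real traffic
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Aug/2019:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [21/Aug/2019:10:00:05 +0000] "GET /a%0Ab HTTP/1.1" 302 230 "-" "-"',
    '192.0.2.11 - - [21/Aug/2019:10:00:09 +0000] "GET /old HTTP/1.1" 301 230 "-" "-"',
    '198.51.100.8 - - [21/Aug/2019:10:00:12 +0000] "GET /a%250dc HTTP/1.1" 301 230 "-" "-"',
    '192.0.2.12 - - [21/Aug/2019:10:00:15 +0000] "GET /x%0Ay HTTP/1.1" 404 196 "-" "-"',
]

def suspicious_redirects(lines):
    """Return (client, time, target, status) for every 3xx response whose
    request target contained an encoded CR/LF. Unparseable lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, when, _method, target, status = m.groups()
        # Only redirects matter here: a 404 with %0a never sent a Location header
        if status.startswith("3") and ENC_NEWLINE_RE.search(target):
            hits.append((client, when, target, int(status)))
    return hits

if __name__ == "__main__":
    for client, when, target, status in suspicious_redirects(SAMPLE_LOG):
        print(f"{when} {client} {status} {target}")
```

Hits on a server running an affected version are worth correlating with the mod_rewrite rules that issue redirects for the matched paths.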
Technical details
Unknown
Credits
Yukitsugu Sasaki
Reference(s)
httpd 2.4 vulnerabilities – The Apache HTTP Server Project
https://httpd.apache.org/security/vulnerabilities_24.html
Apache HTTP Server 2.4.41 Released
https://www.apache.org/dist/httpd/Announcement2.4.html
CVE-2019-10098: mod_rewrite configurations vulnerable to open redirect
https://seclists.org/oss-sec/2019/q3/141
[Apache-SVN] Revision 1864192
https://svn.apache.org/viewvc?view=revision&revision=1864192
CVE-2019-10098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098
CVE-2019-10098
https://nvd.nist.gov/vuln/detail/CVE-2019-10098
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: August 21, 2019