.. / CVE-2019-10098

Exploit for Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect (CVE-2019-10098)

Description:

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

Nuclei Template

View the template here CVE-2019-10098.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-10098.yaml

References:

https://httpd.apache.org/security/vulnerabilities_24.html
https://www.oracle.com/security-alerts/cpuapr2021.html
https://nvd.nist.gov/vuln/detail/CVE-2019-10098
https://www.openwall.com/lists/oss-security/2020/04/01/4
https://www.oracle.com/security-alerts/cpuoct2019.html
https://www.exploit-db.com/exploits/47689

.. / CVE-2019-10098 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect (CVE-2019-10098)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2019-10098