CVE-2019-10092

MEDIUM · NUCLEI · LAB

Apache HTTP Server 2.4.0-2.4.39 - Cross-Site Scripting in mod_proxy Error Page

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2019-10092. PoCs published by Sebastian Neef, motikan2010, mbadanoiu. A Nuclei detection template is also available.

AI-analyzed exploit summary: This writeup describes an SSRF vulnerability in Apache HTTP Server (CVE-2019-10092) where a vertical tab (%09) can be used to bypass proxy restrictions, redirecting users to an arbitrary domain. The provided configuration demonstrates the vulnerable setup.

Description

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

Exploits (3)

exploitdb WRITEUP
by Sebastian Neef · webapps / multiple
https://www.exploit-db.com/exploits/47688

Classification
Writeup 80%
Attack Type
SSRF
Complexity
Trivial
Reliability
Reliable
Target: Apache HTTP Server 2.4.39 and earlier
No auth needed
Prerequisites: Apache HTTP Server with ProxyPass configured
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 5 stars
by motikan2010 · poc
https://github.com/motikan2010/CVE-2019-10092_Docker

This repository provides a Dockerized environment to demonstrate CVE-2019-10092, a limited cross-site scripting (XSS) vulnerability in Apache HTTP Server's mod_proxy error page. It includes a pre-configured Apache 2.2 instance and a Ruby-based HTTPS server to replicate the vulnerable setup.

Classification
Working PoC 90%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target: Apache HTTP Server 2.2 with mod_proxy
No auth needed
Prerequisites: Docker environment · Apache HTTP Server 2.2 with mod_proxy enabled
devstral-2 · analyzed Feb 18, 2026
nomisec SUSPICIOUS
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2019-10092

The repository lacks actual exploit code and instead redirects users to an external PDF and blog post for details. The README provides minimal technical information about the vulnerability itself.

Classification
Suspicious 90%
Attack Type
XSS
Complexity
Moderate
Reliability
Theoretical
Target: Apache HTTP Server 2.4.0-2.4.39
No auth needed
Prerequisites: Proxying enabled · Misconfiguration leading to Proxy Error page display · User interaction
devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting
MEDIUM · by pdteam
Shodan: cpe:"cpe:2.3:a:apache:http_server" || apache 2.4.49

References (34)

Core References
http://www.openwall.com/lists/oss-security/2019/08/15/4 (Mailing List, Third Party Advisory; mailing-list, x_refsource_mlist)
https://www.debian.org/security/2019/dsa-4509 (Third Party Advisory; vendor-advisory, x_refsource_debian)
https://seclists.org/bugtraq/2019/Aug/47 (Mailing List, Third Party Advisory; mailing-list, x_refsource_bugtraq)
https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html (Mailing List, Third Party Advisory; mailing-list, x_refsource_mlist)
https://usn.ubuntu.com/4113-1/ (Patch, Third Party Advisory; vendor-advisory, x_refsource_ubuntu)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html (Mailing List, Third Party Advisory; vendor-advisory, x_refsource_suse)
https://security.netapp.com/advisory/ntap-20190905-0003/ (Third Party Advisory; x_refsource_confirm)
https://security.gentoo.org/glsa/201909-04 (Third Party Advisory; vendor-advisory, x_refsource_gentoo)
https://support.f5.com/csp/article/K30442259 (Third Party Advisory; x_refsource_confirm)
https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html (Mailing List, Third Party Advisory; mailing-list, x_refsource_mlist)
https://seclists.org/bugtraq/2019/Oct/24 (Mailing List, Third Party Advisory; mailing-list, x_refsource_bugtraq)
https://access.redhat.com/errata/RHSA-2019:4126 (Third Party Advisory; vendor-advisory, x_refsource_redhat)
https://www.oracle.com/security-alerts/cpuapr2020.html (Patch, Third Party Advisory; x_refsource_misc)
https://www.oracle.com/security-alerts/cpujul2020.html (Patch, Third Party Advisory; x_refsource_misc)
https://www.oracle.com/security-alerts/cpujan2020.html (Patch, Third Party Advisory; x_refsource_misc)
http://www.openwall.com/lists/oss-security/2020/08/08/1 (Mailing List; mailing-list, x_refsource_mlist)
http://www.openwall.com/lists/oss-security/2020/08/08/9 (Mailing List; mailing-list, x_refsource_mlist)

Scores

CVSS v3 6.1
EPSS 0.8201
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (21)
apache/http_server 2.4.0 - 2.4.39
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.04
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 30
netapp/clustered_data_ontap 9.6 (6 CPE variants)
netapp/clustered_data_ontap < 9.5
... and 11 more
Published Sep 26, 2019
Tracked Since Feb 18, 2026