Description
Cytrix has detected that the version of Apache HTTP Server being used is vulnerable to Phishing
attacks and client-side attacks on browsers. Also known as CVE-2019-10098.
in mod_rewrite, certain self-referential mod_rewrite rules could be fooled by encoded newlines.
That will cause them to redirect users to an unexpected URL within the URL found in the request.
Severity/Score
CVSS Version 3.x – 6.1 Medium
Recommendation
To fix CVE-2019-10098, upgrade the version of Apache Server being used to 2.4.41.
References
https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098