Debian Security Advisory

DLA-1900-1 apache2 -- LTS security update

Date Reported:
29 Aug 2019
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2019-10092, CVE-2019-10098.
More information:

Two security vulnerabilities were found in the Apache HTTP server.

  • CVE-2019-10092

    Matei Mal Badanoiu reported a limited cross-site scripting vulnerability in the mod_proxy error page.

  • CVE-2019-10098

    Yukitsugu Sasaki reported a potential open redirect vulnerability in the mod_rewrite module.

For Debian 8 Jessie, these problems have been fixed in version 2.4.10-10+deb8u15.

We recommend that you upgrade your apache2 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: