Описание
ELSA-2025-9434: mod_proxy_cluster security update (MODERATE)
[1.3.22-1.el9_6.1]
- Resolves: RHEL-81070 Rebase mod_proxy_cluster to upstream 1.3.22.Final release
[1.3.20-1]
- Rebase mod_cluster to upstream 1.3.20.Final tag
- Related: RHEL-27497 - Rebase to upstream 1.3.20.Final release
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
mod_proxy_cluster
1.3.22-1.el9_6.1
Oracle Linux x86_64
mod_proxy_cluster
1.3.22-1.el9_6.1
Связанные CVE
Связанные уязвимости
A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.
A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.
A vulnerability was found in mod_proxy_cluster. The issue is that the ...
A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.
ELSA-2025-9466: mod_proxy_cluster security update (MODERATE)