CVE-2023-6710

Published: 12 Dec 2023
Source: redhat
CVSS3: 5.4
EPSS: Low

Description

A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.

Report

The impact of this vulnerability is considered as Low, as the cluster_manager URL should not be exposed outside and is protected by user/password.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat JBoss Core Services | mod_proxy_cluster | Affected | | |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_proxy_cluster | Fixed | RHSA-2024:1316 | 18.03.2024 |
| JBoss Core Services on RHEL 7 | jbcs-httpd24-mod_proxy_cluster | Fixed | RHSA-2024:1316 | 18.03.2024 |
| Red Hat Enterprise Linux 9 | mod_proxy_cluster | Fixed | RHSA-2024:2387 | 30.04.2024 |
| Text-Only JBCS | jbcs-httpd24-mod_proxy_cluster | Fixed | RHSA-2024:1317 | 18.03.2024 |

Additional information

Status: Low
Weakness: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2254128 (mod_cluster/mod_proxy_cluster: Stored Cross site Scripting)

EPSS: 0.0063 (percentile: 69%), Low

CVSS3: 5.4 Medium

Related vulnerabilities

CVSS3: 5.4
nvd
more than 1 year ago

A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.

CVSS3: 5.4
debian
more than 1 year ago

A flaw was found in the mod_proxy_cluster in the Apache server. This i ...

CVSS3: 3.5
github
more than 1 year ago

A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page. The impact of this vulnerability is considered as Low, as the cluster_manager URL should not be exposed outside and is protected by user/password.

oracle-oval
more than 1 year ago

ELSA-2024-2387: mod_jk and mod_proxy_cluster security update (MODERATE)
