exploitDog

CVE-2024-10306

Published: 28 Feb 2025
Source: redhat
CVSS3: 5.4
EPSS: Low

Description

A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss Core Services | jbcs-httpd24-mod_proxy_cluster | Affected | | |
| Red Hat JBoss Core Services | mod_proxy_cluster | Affected | | |
| Red Hat Enterprise Linux 10 | mod_proxy_cluster | Fixed | RHBA-2025:5309 | 13.05.2025 |
| Red Hat Enterprise Linux 10 | mod_proxy_cluster | Fixed | RHSA-2025:9466 | 24.06.2025 |
| Red Hat Enterprise Linux 9 | mod_proxy_cluster | Fixed | RHBA-2025:2973 | 18.03.2025 |
| Red Hat Enterprise Linux 9 | mod_proxy_cluster | Fixed | RHSA-2025:9434 | 24.06.2025 |
| Red Hat Enterprise Linux 9.4 Extended Update Support | mod_proxy_cluster | Fixed | RHSA-2025:9997 | 01.07.2025 |

Additional information

Status: Moderate
Defect: CWE-863
https://bugzilla.redhat.com/show_bug.cgi?id=2321302 (mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests)

EPSS

Percentile: 14%
0.00047
Low

CVSS3

5.4 Medium

Related vulnerabilities

CVSS3: 5.4
nvd
3 months ago

A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.

CVSS3: 5.4
debian
3 months ago

A vulnerability was found in mod_proxy_cluster. The issue is that the ...

CVSS3: 5.4
github
3 months ago

A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.

oracle-oval
about 1 month ago

ELSA-2025-9466: mod_proxy_cluster security update (MODERATE)

oracle-oval
about 1 month ago

ELSA-2025-9434: mod_proxy_cluster security update (MODERATE)
