5.4
CVE-2024-10306
- EPSS 0.05%
- Published 23.04.2025 09:59:49
- Last modified 01.07.2025 03:15:20
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/modcluster/mod_proxy_cluster
≫
Package
mod_proxy_cluster
Default Statusunaffected
Version <
1.3.21.Final
Version
1.3.17
Status
affected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 10
Default Statusaffected
Version <
*
Version
0:1.3.21-1.el10
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 10
Default Statusaffected
Version <
*
Version
0:1.3.22-1.el10_0.2
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 9
Default Statusaffected
Version <
*
Version
0:1.3.22-1.el9_5.2
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 9
Default Statusaffected
Version <
*
Version
0:1.3.22-1.el9_6.1
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 9.4 Extended Update Support
Default Statusaffected
Version <
*
Version
0:1.3.22-1.el9_4.1
Status
unaffected
VendorRed Hat
≫
Product
Red Hat JBoss Core Services
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat JBoss Core Services
Default Statusaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.15 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secalert@redhat.com | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.