What is the severity of REDHAT-BUG-2254128?

The vulnerability described in REDHAT-BUG-2254128 is a stored cross-site scripting (XSS) vulnerability in the Apache mod_proxy_cluster.

How do I fix REDHAT-BUG-2254128?

To mitigate REDHAT-BUG-2254128, it is recommended to update the Apache mod_proxy_cluster to the latest patched version.

What systems are affected by REDHAT-BUG-2254128?

REDHAT-BUG-2254128 affects systems running the Apache mod_proxy_cluster module.

What are the potential impacts of REDHAT-BUG-2254128?

The potential impacts of REDHAT-BUG-2254128 include unauthorized script execution and data theft through cross-site scripting attacks.

How can REDHAT-BUG-2254128 be exploited?

REDHAT-BUG-2254128 can be exploited by a malicious user who manipulates the 'alias' parameter in the URL to inject a script.

Vulnerability/
REDHAT-BUG-2254128

low

12/12/2023

29/8/2024

REDHAT-BUG-2254128

First published: Tue Dec 12 2023(Updated: )

A flaw was found in the mod_proxy_cluster in the Apache server. A malicious user can add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting vulnerability. by adding a script on the alias parameter on the URL it adds a new virtual host and adds the script to the cluster-manager page. The impact of this vulnerability is considered as Low as the cluster_manager URL should NOT be exposed outside and protected by user/password.

Affected Software	Affected Version	How to fix
Apache mod_proxy_cluster

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-2254128?
The vulnerability described in REDHAT-BUG-2254128 is a stored cross-site scripting (XSS) vulnerability in the Apache mod_proxy_cluster.
How do I fix REDHAT-BUG-2254128?
To mitigate REDHAT-BUG-2254128, it is recommended to update the Apache mod_proxy_cluster to the latest patched version.
What systems are affected by REDHAT-BUG-2254128?
REDHAT-BUG-2254128 affects systems running the Apache mod_proxy_cluster module.
What are the potential impacts of REDHAT-BUG-2254128?
The potential impacts of REDHAT-BUG-2254128 include unauthorized script execution and data theft through cross-site scripting attacks.
How can REDHAT-BUG-2254128 be exploited?
REDHAT-BUG-2254128 can be exploited by a malicious user who manipulates the 'alias' parameter in the URL to inject a script.

agent/type
agent/first-publish-date
agent/severity
agent/description
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-6710
agent/last-modified-date
agent/references
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/apache
canonical/apache mod_proxy_cluster

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of REDHAT-BUG-2254128?
The vulnerability described in REDHAT-BUG-2254128 is a stored cross-site scripting (XSS) vulnerability in the Apache mod_proxy_cluster.
How do I fix REDHAT-BUG-2254128?
To mitigate REDHAT-BUG-2254128, it is recommended to update the Apache mod_proxy_cluster to the latest patched version.
What systems are affected by REDHAT-BUG-2254128?
REDHAT-BUG-2254128 affects systems running the Apache mod_proxy_cluster module.
What are the potential impacts of REDHAT-BUG-2254128?
The potential impacts of REDHAT-BUG-2254128 include unauthorized script execution and data theft through cross-site scripting attacks.
How can REDHAT-BUG-2254128 be exploited?
REDHAT-BUG-2254128 can be exploited by a malicious user who manipulates the 'alias' parameter in the URL to inject a script.