CVE-2023-6710
Mod_cluster/mod_proxy_cluster: stored cross site scripting
Public Exploits: 2
Exploited in Wild: -
Descriptions
A flaw was found in mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter of the URL to trigger a stored cross-site scripting (XSS) vulnerability. A request carrying a script in the alias parameter adds a new virtual host, and the script is added to the cluster-manager page.
A flaw was found in mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter of the URL to trigger the stored cross-site scripting (XSS) vulnerability. Adding a script in the alias parameter of the URL adds a new virtual host and adds the script to the cluster-manager page. The impact of this vulnerability is considered low, as the cluster_manager URL should not be exposed externally and is protected by user/password.
Apache mod_proxy_cluster suffers from a cross-site scripting vulnerability.
Timeline
- 2023-12-12 CVE Reserved
- 2023-12-12 CVE Published
- 2023-12-28 First Exploit
- 2024-11-11 EPSS Updated
- 2024-11-24 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (7)
URL | Date | SRC |
---|---|---|
https://github.com/DedSec-47/Metasploit-Exploits-CVE-2023-6710 | 2023-12-28 | |
https://github.com/DedSec-47/CVE-2023-6710 | 2023-12-28 | |

URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1316 | 2024-04-30 | |
https://access.redhat.com/errata/RHSA-2024:1317 | 2024-04-30 | |
https://access.redhat.com/errata/RHSA-2024:2387 | 2024-04-30 | |
https://access.redhat.com/security/cve/CVE-2023-6710 | 2024-04-30 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2254128 | 2024-04-30 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Modcluster | Mod Proxy Cluster | - | - | Affected |
Redhat | Enterprise Linux | 9.0 | - | Affected |