Vulnerability Description
A flaw was found in mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger a stored cross-site scripting (XSS) vulnerability. When a script is supplied in the alias parameter of the URL, a new virtual host is added and the script is added to the cluster-manager page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Modcluster | Mod Proxy Cluster | - |
| Redhat | Enterprise Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2024:1316
- https://access.redhat.com/errata/RHSA-2024:1317
- https://access.redhat.com/errata/RHSA-2024:2387
- https://access.redhat.com/security/cve/CVE-2023-6710 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2254128 (Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2023-6710?
CVE-2023-6710 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XS...
How severe is CVE-2023-6710?
CVE-2023-6710 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-6710?
Check the references section above for vendor advisories and patch information. Affected products include: Modcluster Mod Proxy Cluster, Redhat Enterprise Linux.