mod_proxy_cluster-1.3.22-1.el9_6.1

Release date:

Friday, July 25, 2025 - 13:38

Subject:

Affected Channels:

MIRACLE LINUX 9 for x86_64

Severity:

Moderate

Description:

The mod_proxy_cluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality.

Security Fix(es):

* mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests (CVE-2024-10306)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-10306
A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.

Solution:

Update packages.

CVEs:

CVE-2024-10306
A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.

Additional Info:

N/A

Download:

SRPMS

mod_proxy_cluster-1.3.22-1.el9_6.1.src.rpm
MD5: f904937a3aba5465336471102d495a83
SHA-256: 95722519b948fea29649a75df9d801465937155e82baf6ee1bc1e0f604a77977
Size: 487.45 kB

Asianux Server 9 for x86_64

mod_proxy_cluster-1.3.22-1.el9_6.1.x86_64.rpm
MD5: a5dc9f5bc3d4a72f609f4960bc3191ec
SHA-256: a8e3a430e43789524af023d94869e74b21e84ff0a1065ca23864772d9d71b2eb
Size: 94.87 kB

Main menu

You are here

mod_proxy_cluster-1.3.22-1.el9_6.1