mod_proxy_cluster-1.3.22-1.el9_6.1
エラータID: AXSA:2025-10590:02
リリース日:
2025/07/25 Friday - 13:38
題名:
mod_proxy_cluster-1.3.22-1.el9_6.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- mod_proxy_cluster には、権限のチェック処理に不備があるため、
リモートの攻撃者により、情報の漏洩、およびデータ破壊を可能とする
脆弱性が存在します。(CVE-2024-10306)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-10306
A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.
A vulnerability was found in mod_proxy_cluster. The issue is that the
追加情報:
N/A
ダウンロード:
SRPMS
- mod_proxy_cluster-1.3.22-1.el9_6.1.src.rpm
MD5: f904937a3aba5465336471102d495a83
SHA-256: 95722519b948fea29649a75df9d801465937155e82baf6ee1bc1e0f604a77977
Size: 487.45 kB
Asianux Server 9 for x86_64
- mod_proxy_cluster-1.3.22-1.el9_6.1.x86_64.rpm
MD5: a5dc9f5bc3d4a72f609f4960bc3191ec
SHA-256: a8e3a430e43789524af023d94869e74b21e84ff0a1065ca23864772d9d71b2eb
Size: 94.87 kB
English