CVE-2023-6710

Published: Dic 12, 2023 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2023-58930 Aliases: GSD-2023-6710

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,4

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: required

Scope: changed

Confidentiality: low

Integrity: low

Availability: none

Description

AI Translation Available

A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0079

Percentile

0,7th

Updated

EPSS Score Trend (Last 90 Days)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality Integrity Availability

Potential Impacts:

Bypass Protection Mechanism Read Application Data Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

Likelihood of Exploit: High

View CWE Details

Exploit

Apache mod_proxy_cluster 1.2.6 - Stored XSS

Author: Mohamed Mounir Boudjema Published:

View Exploit Code →

Application

Mod Proxy Cluster by Modcluster

Product Information

Vendor Modcluster

Product Mod Proxy Cluster

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:modcluster:mod_proxy_cluster:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Enterprise Linux by Redhat

Product Information

Vendor Redhat

Product Enterprise Linux

Version 9.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://access.redhat.com/errata/RHSA-2024:1316

https://access.redhat.com/errata/RHSA-2024:1317

https://access.redhat.com/errata/RHSA-2024:2387

https://access.redhat.com/security/cve/CVE-2023-6710

Third Party Advisory

https://access.redhat.com/security/cve/CVE-2023-6710

https://bugzilla.redhat.com/show_bug.cgi?id=2254128

Issue Tracking Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2254128

https://access.redhat.com/errata/RHSA-2024:1316

https://access.redhat.com/errata/RHSA-2024:1317

https://access.redhat.com/errata/RHSA-2024:2387

https://access.redhat.com/security/cve/CVE-2023-6710

Third Party Advisory

https://access.redhat.com/security/cve/CVE-2023-6710

https://bugzilla.redhat.com/show_bug.cgi?id=2254128

Issue Tracking Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2254128

CVE-2023-6710

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Common Consequences

Applicable Platforms

Apache mod_proxy_cluster 1.2.6 - Stored XSS

Mod Proxy Cluster by Modcluster

Product Information

Enterprise Linux by Redhat

Product Information

Iscriviti alla newsletter