Red Hat Security Advisory 2012-0039-01
https://packetstormsecurity.com/files/108806/RHSA-2012-0039-01.txt
https://packetstormsecurity.com/files/108806/Red-Hat-Security-Advisory-2012-0039-01.html
Wed, 18 Jan 2012 23:29:05 GMT

Red Hat Security Advisory 2012-0039-01 - mod_cluster-native provides a native build of mod_cluster for the Apache HTTP Server. mod_cluster is an httpd-based load balancer. Like mod_jk, it uses a communication channel to forward requests from httpd to an application server node.

It was found that mod_cluster allowed worker nodes to register on any virtual host, regardless of the security constraints applied to other vhosts. In a typical environment, there will be one vhost configured internally for worker nodes, and another configured externally for serving content. A remote attacker could use this flaw to register an attacker-controlled worker node via an external vhost that is not configured to apply security constraints, then use that worker node to serve malicious content, intercept credentials, and hijack user sessions.
