mod_cluster is vulnerable to privilege escalation. The root
context of the server is registered and exposed by default, allowing a remote attacker to bypass intended access restrictions and gain access to the application via unknown vectors.
CPE | Name | Operator | Version |
---|---|---|---|
mod_cluster | eq | 1.0.10__3.GA_CP02.ep5.el4 | |
mod_cluster | eq | 1.0.10__2.GA_CP01.ep5.el4 |
rhn.redhat.com/errata/RHSA-2012-1010.html
rhn.redhat.com/errata/RHSA-2012-1011.html
rhn.redhat.com/errata/RHSA-2012-1012.html
rhn.redhat.com/errata/RHSA-2012-1052.html
rhn.redhat.com/errata/RHSA-2012-1053.html
rhn.redhat.com/errata/RHSA-2012-1166.html
secunia.com/advisories/49636
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=802200
community.jboss.org/message/624018
issues.jboss.org/browse/MODCLUSTER-253
rhn.redhat.com/errata/RHSA-2011-1798.html
rhn.redhat.com/errata/RHSA-2011-1799.html
rhn.redhat.com/errata/RHSA-2011-1800.html
rhn.redhat.com/errata/RHSA-2012-1052.html