Mod_cluster/mod_proxy_cluster: stored cross site scripting

CVE-2023-6710

5.4MEDIUM

Key Information

Vendor: Red Hat
Status: Jboss Core Services For Rhel 8; Jboss Core Services On Rhel 7; Red Hat Enterprise Linux 9; Red Hat Jboss Core Services 1
Vendor: CVE Published:; 12 December 2023

Badges

👾 Exploit Exists🔴 Public PoC

Summary

A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.

Affected Version(s)

JBoss Core Services for RHEL 8 <= 0:1.3.20-3.el8jbcs

JBoss Core Services on RHEL 7 <= 0:1.3.20-3.el7jbcs

Red Hat Enterprise Linux 9 <= 0:1.3.20-1.el9_4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-6710
Created by DedSec-47

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

👾
Exploit exists.
Aug 17, 2024
Vulnerability Reserved.
Dec 12, 2023
Reported to Red Hat.
Dec 12, 2023
Vulnerability published.
Dec 12, 2023

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)

Credit

Red Hat would like to thank Mohamed Mounir Boudjema (Intervalle-Technologies) for reporting this issue.