Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-10306

A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.

Published

2025-04-23T10:15:14.330

Last Modified

2025-07-01T03:15:20.857

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-863

Affected Vendors & Products

References

https://access.redhat.com/errata/RHBA-2025:2973 ([email protected])
https://access.redhat.com/errata/RHBA-2025:5309 ([email protected])
https://access.redhat.com/errata/RHSA-2025:9434 ([email protected])
https://access.redhat.com/errata/RHSA-2025:9466 ([email protected])
https://access.redhat.com/errata/RHSA-2025:9997 ([email protected])
https://access.redhat.com/security/cve/CVE-2024-10306 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2321302 ([email protected])