ClearOS Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


CVE 2007-6420

'Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.'

ClearCenter response

Short response

This module is not running by default with any services typical to ClearOS. Additionally, it poses a minimal security risk even if it was.

Long response

While it is unlikely that ClearOS users will use this module, the risk only exists if the module is running and a user is authenticated through the web services. Additionally, the risk poses only a Denial of Service even if exploited.

Resolution

No action required (ClearOS 5.x). Bug does not exist in ClearOS 6.x.

content/en_us/announcements_cve_cve-2007-6420.txt · Last modified: 2014/12/22 10:23 by dloper

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3Aannouncements_cve_cve-2007-6420&1563457805