content:en_us:announcements_cve_cve-2007-6420

CVE 2007-6420

'Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.'

ClearCenter response

Short response

This module is not running by default with any services typical to ClearOS. Additionally, it poses a minimal security risk even if it was.

Long response

While it is unlikely that ClearOS users will use this module, the risk only exists if the module is running and a user is authenticated through the web services. Additionally, the risk poses only a Denial of Service even if exploited.

Resolution

No action required (ClearOS 5.x). Bug does not exist in ClearOS 6.x.

content/en_us/announcements_cve_cve-2007-6420.txt · Last modified: 2014/12/22 17:23 by dloper

Page Tools