Description

The Apache balancer-manager application displays the current working configuration and status of the enabled balancers and workers currently in use. However, not only does it display these parameters, it also allows for dynamic, runtime, on-the-fly reconfiguration of almost all of them, including adding new BalancerMembers (workers) to an existing balancer.

Remediation

Restrict access to balancer-manager application.

References

Reverse Proxy Guide

Related Vulnerabilities

SugarCRM Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3803)

WordPress Plugin CodeArt-Google MP3 Player Arbitrary File Disclosure (1.0.11)

XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-34466)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.24)

Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-3426)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Insecure Admin Access Information Disclosure