Description

The Apache balancer-manager application displays the current working configuration and status of the enabled balancers and workers currently in use. However, not only does it display these parameters, it also allows for dynamic, runtime, on-the-fly reconfiguration of almost all of them, including adding new BalancerMembers (workers) to an existing balancer.

Remediation

Restrict access to balancer-manager application.

References

Reverse Proxy Guide

Related Vulnerabilities

Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-3426)

XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-34466)

Tiki Wiki CMS: Remote Code Execution via Calendar Module

WordPress Plugin Breadcrumb NavXT Information Disclosure (6.1.0)

WildFly Application Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0793)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Insecure Admin Access Information Disclosure