Description
The Apache balancer-manager application displays the current working configuration and status of the enabled balancers and workers currently in use. However, not only does it display these parameters, it also allows for dynamic, runtime, on-the-fly reconfiguration of almost all of them, including adding new BalancerMembers (workers) to an existing balancer.
Remediation
Restrict access to the balancer-manager application.
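One way to apply this restriction is shown below. It is an added example, not configuration taken from the original advisory. It assumes Apache httpd 2.4 authorization syntax, the conventional `/balancer-manager` path, and a placeholder admin network of 192.0.2.0/24.

```apache
# Exposed form (shown commented out): any client that can reach the server
# can view and change balancer settings.
#
# <Location "/balancer-manager">
#     SetHandler balancer-manager
#     Require all granted
# </Location>

# Restricted form: only the local host and one admin network are allowed.
# "/balancer-manager" is the conventional path and 192.0.2.0/24 is a
# placeholder range; both are assumptions to replace with your own values.
<Location "/balancer-manager">
    SetHandler balancer-manager
    # Multiple Require lines outside a container act as RequireAny.
    Require local
    Require ip 192.0.2.0/24
</Location>
```

If the balancer-manager is not used at all, removing the `SetHandler balancer-manager` mapping entirely closes the exposure.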