VDB
CVE-2023-6710
CVE-2023-6710
PUBLISHED
CVSS 9.300000190734863 CRITICAL
In Apache HTTP Server existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden von "mod_proxy_cluster" im Alias-Parameter in der URL nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen.
EPSS 1.07% · 78.1th percentile
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
1.07%
78.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | IBM Rational Build Forge <8.0.0.26 | |
| Red Hat | Red Hat Enterprise Linux | |
| Apache | Apache HTTP Server | |
| SUSE | SUSE Linux |
Exploit Intelligence
- CIRCL published-proof-of-concept: CVE-2023-6710 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2023-6710 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2023-6710 (circl-sighting)
- CIRCL seen: CVE-2023-6710 (circl-sighting)
- CIRCL seen: CVE-2023-6710 (circl-sighting)
- Explore the depths of CVE-2023-6710 with our comprehensive Proof of Concept (PoC). This CVE, identified as a potential security vulnerability, has been meticulously examined to demonstrate its impact and provide a hands-on understanding of the associated risks. (github-poc)
- Explore the depths of CVE-2023-6710 with our comprehensive Proof of Concept (PoC). This CVE, identified as a potential security vulnerability, has been meticulously examined to demonstrate its impact and provide a hands-on understanding of the associated risks. (github-poc)
- Explore the depths of CVE-2023-6710 with our comprehensive Proof of Concept (PoC). This CVE, identified as a potential security vulnerability, has been meticulously examined to demonstrate its impact and provide a hands-on understanding of the associated risks. (github-poc)
- Explore the depths of CVE-2023-6710 with our comprehensive Proof of Concept (PoC). This CVE, identified as a potential security vulnerability, has been meticulously examined to demonstrate its impact and provide a hands-on understanding of the associated risks. (github-poc)
- Explore the depths of CVE-2023-6710 with our comprehensive Proof of Concept (PoC). This CVE, identified as a potential security vulnerability, has been meticulously examined to demonstrate its impact and provide a hands-on understanding of the associated risks. (github-poc)
…and 18 more exploits
Timeline
- Jan 21, 1970 Nuclei Template
- Jan 21, 1970 Fix Commit
- Dec 11, 2023 CVE Published
- Dec 13, 2023 EPSS Score
- Dec 26, 2023 PoC Published
- Dec 28, 2023 PoC Published
- Jan 2, 2024 PoC Published
- Jan 11, 2024 EPSS Score
- Mar 10, 2024 EPSS Score
- Apr 8, 2024 EPSS Score
- May 7, 2024 EPSS Score
- May 13, 2024 PoC Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3106.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3106 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-6710 advisory
- https://access.redhat.com/errata/RHSA-2024:1317 advisory
- https://access.redhat.com/errata/RHSA-2024:1316 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0769.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0769 advisory
- https://www.ibm.com/support/pages/node/7145704 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-November/019796.html advisory