Developers Documentation



301 error for file:

User Tools

Site Tools

CVE 2007-6420

'Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.'

ClearCenter response

Short response

This module is not running by default with any services typical to ClearOS. Additionally, it poses a minimal security risk even if it was.

Long response

While it is unlikely that ClearOS users will use this module, the risk only exists if the module is running and a user is authenticated through the web services. Additionally, the risk poses only a Denial of Service even if exploited.


No action required (ClearOS 5.x). Bug does not exist in ClearOS 6.x.

content/en_us/announcements_cve_cve-2007-6420.txt · Last modified: 2014/12/22 10:23 by dloper