CCE-26859-9Platform: cpe:/o:centos:centos:6, cpe:/o:oracle:linux:6, cpe:/o:redhat:enterprise_linux:6, cpe:/o:ubuntu:ubuntu_linux:14.10 | Date: (C)2014-09-10 (M)2023-07-04 |
The cache module allows httpd to cache data, optimizing access to frequently accessed content. However, it introduces potential security flaws such as the possibility of circumventing Allow and Deny directives. If this functionality is unnecessary, comment out the module: #LoadModule cache_module modules/mod_cache.so If caching is required, it should not be enabled for any limited-access content.
Parameter:
[]
Technical Mechanism:
CCSS Severity: | CCSS Metrics: |
CCSS Score : 5.3 | Attack Vector: LOCAL |
Exploit Score: 1.0 | Attack Complexity: HIGH |
Impact Score: 4.2 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: NONE |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:53749 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:26108 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:26147 |