Apache balancer-manager application publicly accessible
Description
The Apache balancer-manager application displays the current working configuration and status of the enabled balancers and workers currently in use. However, not only does it display these parameters, it also allows for dynamic, runtime, on-the-fly reconfiguration of almost all of them, including adding new BalancerMembers (workers) to an existing balancer.
Remediation
Restrict access to balancer-manager application.