22 matches found
CVE-2026-3234
A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoin...
CVE-2026-3234 Mod_proxy_cluster: mod_proxy_cluster: response body corruption via crlf injection
A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoin...
CVE-2026-3234
CVE-2026-3234 affects mod_proxy_cluster. A CRLF injection in the decodeenc() function allows a remote attacker to bypass input validation and corrupt the INFO endpoint responses by injecting CRLF sequences into the cluster configuration. Exploitation requires network access to the MCMP protocol p...
CVE-2026-3234 Mod_proxy_cluster: mod_proxy_cluster: response body corruption via crlf injection
A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoin...
PT-2026-24940
A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO...
Linux Distros Unpatched Vulnerability : CVE-2026-3234
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc function, allows a remote attacker to bypas...
MiracleLinux 9 : mod_proxy_cluster-1.3.22-1.el9_6.1 (AXSA:2025-10590:02)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10590:02 advisory. mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests (CVE-2024-10306). Tenable has extracted the preceding description block directly from the...
RockyLinux 9 : mod_proxy_cluster (RLSA-2025:9434)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:9434 advisory. mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests (CVE-2024-10306). Tenable has extracted the preceding description block directly from the RockyLinux...
RockyLinux 10 : mod_proxy_cluster (RLSA-2025:9466)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:9466 advisory. mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests (CVE-2024-10306). Tenable has extracted the preceding description block directly from the RockyLinux...
RLSA-2025:9434 Moderate: mod_proxy_cluster security update
The mod_proxy_cluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Security Fixes: mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests (CVE-2024-10306). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
mod_proxy_cluster security update
An update is available for mod_proxy_cluster. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The mod_proxy_cluster module is a plugin for the Apache HTTP Server th...
Oracle Linux 10 : mod_proxy_cluster (ELSA-2025-9466)
The remote Oracle Linux 10 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-9466 advisory. 1.3.22-1.el100.2 - Resolves: RHEL-82256 - Update deprecated misspelled EnableMCPMReceive directive 1.3.22-1.el100.1 - Resolves: RHEL-80796 - Rebase...
mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests
A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as Require ip IPADDRESS would suggest. This means that anyone with access to the host might send MCMP requests that may result in...
mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests
A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as Require ip IPADDRESS would suggest. This means that anyone with access to the host might send MCMP requests that may result in...
mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests
A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as Require ip IPADDRESS would suggest. This means that anyone with access to the host might send MCMP requests that may result in...
CVE-2024-10306
A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as Require ip IPADDRESS would suggest. This means that anyone with access to the host might send MCMP requests that may result in...
PT-2025-17610 · Unknown +2 · Mod Proxy Cluster +2
Name of the Vulnerable Software and Affected Versions: mod_proxy_cluster (affected versions not specified). Description: A vulnerability was found in mod_proxy_cluster, where the directive does not restrict IP/host access as Require ip IP ADDRESS would suggest, allowing anyone with access to the hos...
mod_cluster/mod_proxy_cluster: Stored Cross site Scripting
A flaw was found in mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...
mod_cluster/mod_proxy_cluster: Stored Cross site Scripting
A flaw was found in mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...
mod_cluster/mod_proxy_cluster: Stored Cross site Scripting
A flaw was found in mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...