CVE-2026-3234
Mod_proxy_cluster: mod_proxy_cluster: response body corruption via crlf injection
A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc() function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoint responses. Exploitation requires network access to the MCMP protocol port, but no authentication is needed.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Productos afectados
Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat JBoss Core Services¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →