VYPR

mod_proxy_cluster

by Apache

CVEs (2)

  • CVE-2023-6710MedDec 12, 2023
    risk 0.38cvss 5.4epss 0.02

    A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds…

  • CVE-2026-3234Mar 12, 2026
    risk 0.00cvss epss 0.00

    A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc() function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the…