Red Hat · Red Hat Enterprise Linux 10 · CVE-2026-3234
**Name of the Vulnerable Software and Affected Versions**
mod_proxy_cluster (affected versions not specified)
**Description**
A flaw exists in mod_proxy_cluster: a Carriage Return Line Feed (CRLF) injection in the `decodeenc()` function that allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the body of responses from the `/INFO` endpoint. Exploitation requires network access to the MCMP protocol port, but no authentication is needed.
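The validation gap described above, as an added example that is not mod_proxy_cluster's own code: a check on the still-encoded bytes misses an escaped CRLF, while validating each byte after decoding rejects it. It assumes `decodeenc()` percent-decodes field values; `hex_val`, `raw_has_crlf`, `decode_field_strict` and the sample strings are hypothetical names and constructed inputs.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: numeric value of one hex digit, or -1 if not hex. */
static int hex_val(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = (unsigned char)tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Check applied to the still-encoded bytes only: "%0d%0a" contains no
 * literal CR or LF, so this returns 0 for an encoded CRLF. */
static int raw_has_crlf(const char *s)
{
    return strpbrk(s, "\r\n") != NULL;
}

/*
 * Percent-decode src into dst (dst_len bytes) and validate AFTER decoding.
 * Returns the decoded length, or -1 on a malformed escape, a decoded
 * control character (CR, LF, NUL, ...), or insufficient space in dst.
 */
static int decode_field_strict(const char *src, char *dst, size_t dst_len)
{
    size_t out = 0;
    if (dst_len == 0) return -1;
    for (size_t i = 0; src[i] != '\0'; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == '%') {
            int hi = hex_val((unsigned char)src[i + 1]);
            /* Only look at the second digit if the first one was valid. */
            int lo = hi < 0 ? -1 : hex_val((unsigned char)src[i + 2]);
            if (hi < 0 || lo < 0) return -1;
            c = (unsigned char)(hi * 16 + lo);
            i += 2;
        }
        if (c < 0x20 || c == 0x7f) return -1;   /* reject decoded control bytes */
        if (out + 1 >= dst_len) return -1;      /* keep room for the terminator */
        dst[out++] = (char)c;
    }
    dst[out] = '\0';
    return (int)out;
}
```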
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.