Vulnerability Monitor

CVE-2022-37436


Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.


Published

2023-01-17T20:15:11.670

Last Modified

2025-04-04T18:15:42.127

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-113
  • Type: Secondary
    CWE-436
  • Type: Secondary
    CWE-113

Affected Vendors & Products
Type         Vendor  Product      Version/Range  Vulnerable?
Application  apache  http_server  < 2.4.55       Yes

References