Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

Affected configurations

NVD

Node

apachehttp_serverRange<2.4.55

References

httpd.apache.org/security/vulnerabilities_24.html

security.gentoo.org/glsa/202309-01

cvelist 1

debiancve 1

nessus 49

osv 10

cbl_mariner 2

broadcom 1

cve 1

ubuntu 2

openvas 30

prion 1

redhatcve 1

f5 1

veracode 1

ubuntucve 1

alpinelinux 1

ibm 10

amazon 2

altlinux 2

redhat 4

redos 1

almalinux 2

oraclelinux 2

slackware 1

rocky 2

mageia 1

fedora 2

freebsd 1

kaspersky 1

debian 2

gentoo 1

photon 2

rosalinux 1

hp 1

ics 1

oracle 3

cvelist

CVE-2022-37436 Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting

2023-01-17 19:12:59

debiancve

CVE-2022-37436

2023-01-17 20:15:11

nessus

Tenable SecurityCenter 5.22.0 / 5.23.1 / 6.0.0 Apache Header Truncation (TNS-2023-06)

2023-02-23 00:00:00

F5 Networks BIG-IP : Apache HTTPD vulnerability (K000132665)

2023-06-23 00:00:00

Ubuntu 16.04 ESM : Apache HTTP Server vulnerability (USN-5839-2)

2023-02-02 00:00:00

osv

apache2 vulnerability

2023-02-02 13:34:35

BIT-apache-2022-37436

2024-03-06 10:51:28

CVE-2022-37436

2023-01-17 20:15:11

cbl_mariner

CVE-2022-37436 affecting package httpd for versions less than 2.4.55-1

2023-02-14 20:36:06

CVE-2022-37436 affecting package httpd 2.4.54-1

2023-02-14 02:35:58

broadcom

mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting

2023-06-12 00:00:00

cve

CVE-2022-37436

2023-01-17 20:15:11

ubuntu

Apache HTTP Server vulnerability

2023-02-02 00:00:00

Apache HTTP Server vulnerabilities

2023-02-01 00:00:00

openvas

Ubuntu: Security Advisory (USN-5839-2)

2023-02-03 00:00:00

Fedora: Security Advisory for httpd (FEDORA-2023-6d4055d482)

2023-02-03 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:0185-1)

2023-01-30 00:00:00

prion

Code injection

2023-01-17 20:15:00

redhatcve

CVE-2022-37436

2023-01-18 19:05:38

K000132665 : Apache HTTPD vulnerability CVE-2022-37436

2023-02-22 00:00:00

veracode

HTTP Response Splitting

2023-01-21 12:15:11

ubuntucve

CVE-2022-37436

2023-01-17 00:00:00

alpinelinux

CVE-2022-37436

2023-01-17 20:15:11

ibm

Security Bulletin: IBM Aspera Console 3.4.2 PL7 has addressed multiple vulnerabilities (CVE-2022-37436, CVE-2021-34798)

2024-02-23 17:45:37

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting and denial of service attacks (CVE-2022-37436, CVE-2006-20001)

2023-04-19 15:11:52

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2022-36760 and CVE-2022-37436 ) affects Power HMC

2023-06-20 09:31:46

amazon

Important: httpd

2023-02-17 00:10:00

Important: httpd24

2023-03-17 15:53:00

altlinux

Security fix for the ALT Linux 10 package apache2 version 1:2.4.55-alt1

2023-02-07 00:00:00

Security fix for the ALT Linux 9 package apache2 version 1:2.4.55-alt1

2023-02-16 00:00:00

redhat

(RHSA-2023:0970) Moderate: httpd security and bug fix update

2023-02-28 07:53:34

(RHSA-2023:0852) Moderate: httpd:2.4 security and bug fix update

2023-02-21 08:48:58

(RHSA-2023:4629) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update

2023-08-15 17:35:29

redos

ROS-20240603-04

2024-06-03 00:00:00

almalinux

Moderate: httpd:2.4 security and bug fix update

2023-02-21 00:00:00

Moderate: httpd security and bug fix update

2023-02-28 00:00:00

oraclelinux

httpd:2.4 security and bug fix update

2023-02-22 00:00:00

httpd security and bug fix update

2023-02-28 00:00:00

slackware

[slackware-security] httpd

2023-01-18 06:23:09

rocky

httpd:2.4 security and bug fix update

2023-02-22 01:08:53

httpd security and bug fix update

2023-04-06 15:53:36

mageia

Updated apache packages fix security vulnerability

2023-02-07 03:06:39

fedora

[SECURITY] Fedora 36 Update: httpd-2.4.55-1.fc36

2023-02-03 01:42:01

[SECURITY] Fedora 37 Update: httpd-2.4.55-1.fc37

2023-01-28 01:27:38

freebsd

Apache httpd -- Multiple vulnerabilities

2023-01-17 00:00:00

kaspersky

KLA20167 Multiple vulnerabilities in Apache HTTP Server

2023-01-17 00:00:00

debian

[SECURITY] [DLA 3351-1] apache2 security update

2023-03-03 16:35:17

[SECURITY] [DSA 5376-1] apache2 security update

2023-03-20 18:52:17

gentoo

Apache HTTPD: Multiple Vulnerabilities

2023-09-08 00:00:00

photon

Critical Photon OS Security Update - PHSA-2023-3.0-0522

2023-01-31 00:00:00

Critical Photon OS Security Update - PHSA-2023-4.0-0325

2023-02-01 00:00:00

rosalinux

Advisory ROSA-SA-2023-2161

2023-05-03 11:17:19

HP Device Manager Security Updates

2023-04-13 00:00:00

ics

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.3%

JSON

Related for NVD:CVE-2022-37436

cvelist1 debiancve1 nessus49 osv10 cbl_mariner2 broadcom1 cve1 ubuntu2 openvas30 prion1 redhatcve1 f51 veracode1 ubuntucve1 alpinelinux1 ibm10 amazon2 altlinux2 redhat4 redos1 almalinux2 oraclelinux2 slackware1 rocky2 mageia1 fedora2 freebsd1 kaspersky1 debian2 gentoo1 photon2 rosalinux1 hp1 ics1 oracle3