Vulnerability CVE-2022-37436: Information

Description

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-37436
Published: Jan. 17, 2023
Modified: Sept. 9, 2023
Error type identifier: CWE-113

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
apache2sisyphus2.4.55-alt12.4.59-alt1ALT-PU-2023-1165-1314494Fixed
apache2sisyphus_e2k2.4.55-alt12.4.59-alt1ALT-PU-2023-2412-1-Fixed
apache2sisyphus_riscv642.4.55-alt12.4.59-alt1ALT-PU-2023-2418-1-Fixed
apache2p102.4.55-alt12.4.59-alt1ALT-PU-2023-1189-1314495Fixed
apache2p10_e2k2.4.55-alt12.4.59-alt1ALT-PU-2023-2472-1-Fixed
apache2p92.4.55-alt12.4.58-alt1ALT-PU-2023-1260-1314497Fixed
apache2p9_e2k2.4.55-alt12.4.57-alt2ALT-PU-2023-2671-1-Fixed
apache2c10f12.4.55-alt12.4.59-alt1ALT-PU-2023-1189-1314495Fixed
apache2c9f22.4.55-alt12.4.59-alt1ALT-PU-2023-1380-1314496Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://httpd.apache.org/security/vulnerabilities_24.html
  • Release Notes
  • Vendor Advisory
https://security.gentoo.org/glsa/202309-01

      1. Configuration 1

        cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
        End excliding
        2.4.55
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.1
    Back to top