Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

References

httpd.apache.org/security/vulnerabilities_24.html

security.alpinelinux.org/vuln/CVE-2022-37436

security.gentoo.org/glsa/202309-01

nessus 51

debiancve 1

osv 10

cvelist 1

veracode 1

ubuntucve 1

alpinelinux 1

f5 1

openvas 30

ubuntu 2

cbl_mariner 2

broadcom 1

nvd 1

cve 1

redhatcve 1

prion 1

ibm 11

altlinux 2

almalinux 2

oraclelinux 2

fedora 2

rocky 2

freebsd 1

kaspersky 1

redhat 4

redos 1

amazon 2

mageia 1

slackware 1

debian 2

gentoo 1

photon 2

rosalinux 1

hp 1

ics 1

oracle 3

nessus

Tenable SecurityCenter 5.22.0 / 5.23.1 / 6.0.0 Apache Header Truncation (TNS-2023-06)

2023-02-23 00:00:00

F5 Networks BIG-IP : Apache HTTPD vulnerability (K000132665)

2023-06-23 00:00:00

Ubuntu 16.04 ESM : Apache HTTP Server vulnerability (USN-5839-2)

2023-02-02 00:00:00

debiancve

CVE-2022-37436

2023-01-17 20:15:11

osv

apache2 vulnerability

2023-02-02 13:34:35

BIT-apache-2022-37436

2024-03-06 10:51:28

apache2 vulnerabilities

2023-02-01 13:09:22

cvelist

CVE-2022-37436 Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting

2023-01-17 19:12:59

veracode

HTTP Response Splitting

2023-01-21 12:15:11

ubuntucve

CVE-2022-37436

2023-01-17 00:00:00

alpinelinux

CVE-2022-37436

2023-01-17 20:15:11

K000132665 : Apache HTTPD vulnerability CVE-2022-37436

2023-02-22 00:00:00

openvas

Ubuntu: Security Advisory (USN-5839-2)

2023-02-03 00:00:00

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2240)

2023-06-12 00:00:00

Fedora: Security Advisory for httpd (FEDORA-2023-f6ff3f85eb)

2023-01-29 00:00:00

ubuntu

Apache HTTP Server vulnerability

2023-02-02 00:00:00

Apache HTTP Server vulnerabilities

2023-02-01 00:00:00

cbl_mariner

CVE-2022-37436 affecting package httpd for versions less than 2.4.55-1

2023-02-14 20:36:06

CVE-2022-37436 affecting package httpd 2.4.54-1

2023-02-14 02:35:58

broadcom

mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting

2023-06-12 00:00:00

nvd

CVE-2022-37436

2023-01-17 20:15:11

cve

CVE-2022-37436

2023-01-17 20:15:11

redhatcve

CVE-2022-37436

2023-01-18 19:05:38

prion

Code injection

2023-01-17 20:15:00

ibm

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting and denial of service attacks (CVE-2022-37436, CVE-2006-20001)

2023-04-19 15:11:52

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2022-36760 and CVE-2022-37436 ) affects Power HMC

2023-06-20 09:31:46

Security Bulletin: IBM Aspera Console 3.4.2 PL7 has addressed multiple vulnerabilities (CVE-2022-37436, CVE-2021-34798)

2024-02-23 17:40:00

altlinux

Security fix for the ALT Linux 9 package apache2 version 1:2.4.55-alt1

2023-02-16 00:00:00

Security fix for the ALT Linux 10 package apache2 version 1:2.4.55-alt1

2023-02-07 00:00:00

almalinux

Moderate: httpd:2.4 security and bug fix update

2023-02-21 00:00:00

Moderate: httpd security and bug fix update

2023-02-28 00:00:00

oraclelinux

httpd:2.4 security and bug fix update

2023-02-22 00:00:00

httpd security and bug fix update

2023-02-28 00:00:00

fedora

[SECURITY] Fedora 37 Update: httpd-2.4.55-1.fc37

2023-01-28 01:27:38

[SECURITY] Fedora 36 Update: httpd-2.4.55-1.fc36

2023-02-03 01:42:01

rocky

httpd security and bug fix update

2023-04-06 15:53:36

httpd:2.4 security and bug fix update

2023-02-22 01:08:53

freebsd

Apache httpd -- Multiple vulnerabilities

2023-01-17 00:00:00

kaspersky

KLA20167 Multiple vulnerabilities in Apache HTTP Server

2023-01-17 00:00:00

redhat

(RHSA-2023:0852) Moderate: httpd:2.4 security and bug fix update

2023-02-21 08:48:58

(RHSA-2023:0970) Moderate: httpd security and bug fix update

2023-02-28 07:53:34

(RHSA-2023:4629) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update

2023-08-15 17:35:29

redos

ROS-20240603-04

2024-06-03 00:00:00

amazon

Important: httpd

2023-02-17 00:10:00

Important: httpd24

2023-03-17 15:53:00

mageia

Updated apache packages fix security vulnerability

2023-02-07 03:06:39

slackware

[slackware-security] httpd

2023-01-18 06:23:09

debian

[SECURITY] [DLA 3351-1] apache2 security update

2023-03-03 16:35:17

[SECURITY] [DSA 5376-1] apache2 security update

2023-03-20 18:52:17

gentoo

Apache HTTPD: Multiple Vulnerabilities

2023-09-08 00:00:00

photon

Critical Photon OS Security Update - PHSA-2023-3.0-0522

2023-01-31 00:00:00

Critical Photon OS Security Update - PHSA-2023-4.0-0325

2023-02-01 00:00:00

rosalinux

Advisory ROSA-SA-2023-2161

2023-05-03 11:17:19

HP Device Manager Security Updates

2023-04-13 00:00:00

ics

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

36.8%

JSON

Related for OSV:CVE-2022-37436