CVE-2022-37436

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-37436
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37436.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-37436
Aliases
Downstream
Related
Published
2023-01-17T20:15:11.670Z
Modified
2026-04-10T04:49:54.900435Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8201e867f1d4cdf61840625c6c4be901e3f1b6ba
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.4.55"
        }
    ]
}

Affected versions

2.*
2.4.55-rc1-candidate

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37436.json"