Description

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

Remediation

References

CVE-2022-37436

Related Vulnerabilities

Apache Tomcat Other Vulnerability (CVE-2001-1563)

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.38)

Python Integer Overflow or Wraparound Vulnerability (CVE-2007-4965)

Oracle JRE CVE-2013-0435 Vulnerability (CVE-2013-0435)

WordPress Plugin MP3-jPlayer Multiple Cross-Site Request Forgery Vulnerabilities (2.7.3)

Severity

Medium

Classification

CVE-2022-37436 CWE-436 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities