Home > Vulnerability Database > CVE-2022-37436

Mend.io Vulnerability Database

CVE-2022-37436

Good to know:

Date: January 17, 2023

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

Language: C

Severity Score

5.3

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-37436

Url: https://security-tracker.debian.org/tracker/CVE-2022-37436

Url: https://access.redhat.com/security/cve/CVE-2022-37436

Url: https://httpd.apache.org/security/vulnerabilities_24.html

Url: https://security.gentoo.org/glsa/202309-01

Url: https://www.mend.io/vulnerability-database/CVE-2022-37436

Severity Score

5.3

Weakness Type (CWE)

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

CWE-113

Interpretation Conflict

CWE-436

Top Fix

Upgrade Version

Upgrade to version 2.4.55

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-37436

Good to know:

Date: January 17, 2023

Language: C

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?