CVE-2022-37436

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2022-37436
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2023-01-17 20:15:00 UTC
Updated2023-09-08 22:15:00 UTC
DescriptionPrior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

Risk And Classification

Problem Types: CWE-113

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Apache Http Server All All All All

References

ReferenceSourceLinkTags
Apache HTTP Server 2.4 vulnerabilities - The Apache HTTP Server Project MISC httpd.apache.org
Apache HTTPD: Multiple Vulnerabilities (GLSA 202309-01) — Gentoo security MISC security.gentoo.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 150640 Apache HTTP Server Prior to 2.4.55 Multiple Security Vulnerabilities
  • 160477 Oracle Enterprise Linux Security Update for httpd:2.4 (ELSA-2023-0852)
  • 160485 Oracle Enterprise Linux Security Update for httpd (ELSA-2023-0970)
  • 181620 Debian Security Update for apache2 (DLA 3351-1)
  • 181660 Debian Security Update for apache2 (DSA 5376-1)
  • 182671 Debian Security Update for apache2 (CVE-2022-37436)
  • 199145 Ubuntu Security Notification for Apache Hypertext Transfer Protocol (HTTP) Server Vulnerabilities (USN-5839-1)
  • 199515 Ubuntu Security Notification for Apache Hypertext Transfer Protocol (HTTP) Server Vulnerability (USN-5839-2)
  • 241210 Red Hat Update for httpd:2.4 (RHSA-2023:0852)
  • 241220 Red Hat Update for httpd (RHSA-2023:0970)
  • 241954 Red Hat Update for JBoss Core Services (RHSA-2023:4629)
  • 283640 Fedora Security Update for httpd (FEDORA-2023-f6ff3f85eb)
  • 283670 Fedora Security Update for httpd (FEDORA-2023-6d4055d482)
  • 354767 Amazon Linux Security Advisory for httpd : ALAS2-2023-1938
  • 354845 Amazon Linux Security Advisory for httpd24 : ALAS-2023-1711
  • 355218 Amazon Linux Security Advisory for httpd : ALAS2023-2023-115
  • 378372 IBM Hypertext Transfer Protocol (HTTP) Server Multiple Vulnerabilities (6955577)
  • 378948 Oracle Hypertext Transfer Protocol (HTTP) Server Multiple Vulnerabilities (CPUOCT2023)
  • 502635 Alpine Linux Security Update for apache2
  • 503097 Alpine Linux Security Update for apache2
  • 503858 Alpine Linux Security Update for apache2
  • 505846 Alpine Linux Security Update for apache2
  • 672790 EulerOS Security Update for httpd (EulerOS-SA-2023-1550)
  • 672801 EulerOS Security Update for httpd (EulerOS-SA-2023-1525)
  • 672865 EulerOS Security Update for httpd (EulerOS-SA-2023-1596)
  • 672903 EulerOS Security Update for httpd (EulerOS-SA-2023-1780)
  • 672910 EulerOS Security Update for httpd (EulerOS-SA-2023-1758)
  • 672999 EulerOS Security Update for httpd (EulerOS-SA-2023-1847)
  • 673013 EulerOS Security Update for httpd (EulerOS-SA-2023-1872)
  • 691030 Free Berkeley Software Distribution (FreeBSD) Security Update for apache httpd (00919005-96a3-11ed-86e9-d4c9ef517024)
  • 753594 SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2023:0183-1)
  • 753595 SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2023:0185-1)
  • 753638 SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2023:0294-1)
  • 753653 SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2023:0321-1)
  • 753658 SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2023:0322-1)
  • 905361 Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (13155)
  • 905369 Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (13167)
  • 905475 Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (13155-1)
  • 905525 Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (13167-1)
  • 940931 AlmaLinux Security Update for httpd:2.4 (ALSA-2023:0852)
  • 940948 AlmaLinux Security Update for httpd (ALSA-2023:0970)
  • 960655 Rocky Linux Security Update for httpd:2.4 (RLSA-2023:0852)
  • 960890 Rocky Linux Security Update for httpd (RLSA-2023:0970)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report