CVE-2022-37436

MEDIUM5.3EPSS 0.54%

Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting

發布日:2023/1/17修改日:2025/5/20

也稱為:ALPINE-CVE-2022-37436BIT-apache-2022-37436

描述

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

受影響套件(3)

Alpine/apache2from 0, < 2.4.55-r0
Bitnami/apachefrom 0, < 2.4.55
Debian/apache2from 0, < 2.4.56-1~deb11u1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

參考連結(5)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2022-37436
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2022-37436
WEBhttps://httpd.apache.org/security/vulnerabilities_24.html
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2022-37436
WEBhttps://security.gentoo.org/glsa/202309-01