Description

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

Remediation

References

CVE-2022-37436

Related Vulnerabilities

Undertow Incorrect Authorization Vulnerability (CVE-2017-12196)

WordPress Plugin AI ChatBot Arbitrary File Deletion (4.9.2)

MySQL CVE-2014-4243 Vulnerability (CVE-2014-4243)

Joomla Improper Access Control Vulnerability (CVE-2016-9838)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2010-3063)

Severity

Medium

Classification

CVE-2022-37436 CWE-436 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities