Description

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

Remediation

References

CVE-2022-37436

Related Vulnerabilities

WordPress Plugin Email Users Cross-Site Request Forgery (4.8.3)

PHP Resource Management Errors Vulnerability (CVE-2010-3710)

TCExam Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-4237)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-1476)

WordPress Plugin RSS Redirect & Feedburner Alternative Unspecified Vulnerability (1.9)

Severity

Medium

Classification

CVE-2022-37436 CWE-436 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities