CVE-2022-37436

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://httpd.apache.org/security/vulnerabilities_24.html	Release Notes Vendor Advisory
https://security.gentoo.org/glsa/202309-01
https://httpd.apache.org/security/vulnerabilities_24.html	Release Notes Vendor Advisory
https://security.gentoo.org/glsa/202309-01

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:14

Type	Values Removed	Values Added
Summary		(es) Antes de Apache HTTP Server 2.4.55, un backend malicioso podía provocar que los encabezados de respuesta se truncaran antes de tiempo, lo que provocaba que algunos encabezados se incorporaran al cuerpo de la respuesta. Si los encabezados posteriores tienen algún propósito de seguridad, no serán interpretados por el cliente.
References	~~() https://httpd.apache.org/security/vulnerabilities_24.html - Release Notes, Vendor Advisory~~	() https://httpd.apache.org/security/vulnerabilities_24.html - Release Notes, Vendor Advisory
References	~~() https://security.gentoo.org/glsa/202309-01 -~~	() https://security.gentoo.org/glsa/202309-01 -

08 Sep 2023, 22:15

Type	Values Removed	Values Added
References		(MISC) https://security.gentoo.org/glsa/202309-01 -
CWE	~~CWE-436~~	CWE-113

Information

Published : 2023-01-17 20:15

Updated : 2025-04-04 18:15

NVD link : CVE-2022-37436

Mitre link : CVE-2022-37436

CVE.ORG link : CVE-2022-37436

JSON object : View

Products Affected

apache

http_server

CWE

CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CWE-436

Interpretation Conflict

{"id": "CVE-2022-37436", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-01-17T20:15:11.670", "references": [{"url": "https://httpd.apache.org/security/vulnerabilities_24.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://security.gentoo.org/glsa/202309-01", "source": "security@apache.org"}, {"url": "https://httpd.apache.org/security/vulnerabilities_24.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202309-01", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-113"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-436"}]}, {"type": "Primary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-113"}]}], "descriptions": [{"lang": "en", "value": "Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client."}, {"lang": "es", "value": "Antes de Apache HTTP Server 2.4.55, un backend malicioso pod\u00eda provocar que los encabezados de respuesta se truncaran antes de tiempo, lo que provocaba que algunos encabezados se incorporaran al cuerpo de la respuesta. Si los encabezados posteriores tienen alg\u00fan prop\u00f3sito de seguridad, no ser\u00e1n interpretados por el cliente."}], "lastModified": "2025-04-04T18:15:42.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1AD829E-486E-4D6E-B323-F0FA299E587D", "versionEndExcluding": "2.4.55"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}