CVE-2022-31813

Updated: 2023-11-07 20:13:47.821337

Description:

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server when the client names them in its Connection header, because headers listed there are treated as hop-by-hop. This may be used to bypass IP-based authentication on the origin server/application.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| 2.x | HIGH | 7.5 |
| 3.x | CRITICAL | 9.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | httpd | 2.4.53 | 9.8 | CRITICAL | Already Fixed | | 2023-11-08 08:35:59 |
| CentOS 6 ELS | httpd | 2.2.15 | 9.8 | CRITICAL | Released | CLSA-2022:1656447241 | 2022-07-11 11:45:40 |
| CentOS 7 ELS | httpd | 2.4.6 | 9.8 | CRITICAL | Released | CLSA-2023:1695752598 | 2023-09-26 17:08:00 |
| CentOS 8.4 ELS | httpd | 2.4.37 | 9.8 | CRITICAL | Released | CLSA-2022:1656429967 | 2022-06-28 11:50:00 |
| CentOS 8.5 ELS | httpd | 2.4.37 | 9.8 | CRITICAL | Released | CLSA-2022:1656430448 | 2022-06-28 11:50:00 |
| CloudLinux 6 ELS | httpd | 2.2.15 | 9.8 | CRITICAL | Released | CLSA-2022:1657643056 | 2022-07-13 20:38:26 |
| Oracle Linux 6 ELS | httpd | 2.2.15 | 9.8 | CRITICAL | Released | CLSA-2022:1656430723 | 2022-06-28 11:50:00 |
| Ubuntu 16.04 ELS | apache2 | 2.4.18 | 9.8 | CRITICAL | Released | CLSA-2022:1656430949 | 2022-06-28 11:50:01 |
| Ubuntu 18.04 ELS | apache2 | 2.4.29 | 9.8 | CRITICAL | Already Fixed | | 2023-04-28 08:48:53 |