CVE-2022-37436

Updated: 2023-01-25 03:23:55.225262

Description:

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | MEDIUM | 5.3 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | httpd | 2.2.15 | 5.3 | MEDIUM | Ignored | | 2023-01-25 04:03:31 |
| CentOS 8.4 ELS | httpd | 2.4.37 | 5.3 | MEDIUM | Ignored | | 2023-01-25 03:23:55 |
| CentOS 8.5 ELS | httpd | 2.4.37 | 5.3 | MEDIUM | Ignored | | 2023-01-25 03:23:55 |
| CloudLinux 6 ELS | httpd | 2.2.15 | 5.3 | MEDIUM | Ignored | | 2023-01-25 04:03:31 |
| Oracle Linux 6 ELS | httpd | 2.2.15 | 5.3 | MEDIUM | Ignored | | 2023-01-25 04:03:32 |
| Ubuntu 16.04 ELS | apache2 | 2.4.18 | 5.3 | MEDIUM | Ignored | | 2023-01-25 04:03:32 |

Statement

Will not fix: low score