CVE-2022-37436
MEDIUM WAF: High
CVSS 5.3
Published: 2023-01-17
CWE-113 CWE-113
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.
WAF Coverage Analysis
HTTP Response Splitting
High WAF Coverage
OWASP: A03:2021 Injection
921xxx - Protocol Attack
HTTP Response Splitting
High WAF Coverage
OWASP: A03:2021 Injection
921xxx - Protocol Attack
Affected Software
| Vendor | Product | Version |
|---|---|---|
| apache | http_server | up to 2.4.55 |
References
- httpd.apache.org (Release Notes, Vendor Advisory)
- security.gentoo.org