
CVE-2022-37436

Published: 17/01/2023 Updated: 08/09/2023
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and previous versions. (CVE-2006-20001)

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows a malicious user to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.54 and prior versions. (CVE-2022-36760)

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client. (CVE-2022-37436)

Vulnerable Product

apache http server

Vendor Advisories

Synopsis: Moderate: httpd:24 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for the httpd:24 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated ...
Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat JBoss Core Services. Red Hat Product Security h ...
Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) bas ...
Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service. For the stable distribution (bullseye), these problems have been fixed in version 2.4.56-1~deb11u1. We recommend that you upgrade your apache2 packages. For the detailed security status of apache2 please refer t ...
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. (CVE-2006-20001) Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulne ...
Description: A flaw was found in the mod_proxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client. A flaw was found in the mod_proxy mo ...
Severity: Unknown. Remote: Unknown. Type: Unknown. Description: AVG-2824 apache 2.4.54-3 2.4.55-1 Unknown Fixed ...