Vulnetix
Try Vulnetix Request Demo
ALPINE-CVE-2022-37436 PUBLISHED CVSS 5.300000190734863 MEDIUM

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

Risk Scores

CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products

VendorProductVersions
Alpine:v3.21apache22.4.20-r1, 2.4.23-r0, 2.4.23-r1
Alpine:v3.20apache22.2.17-r1, 2.4.38-r2, 2.4.38-r1
Alpine:v3.23apache22.4.10-r0, 2.2.21-r1, 2.4.26-r0
Alpine:v3.14apache22.4.25-r1, 2.4.53-r0, 2.4.6-r3
Alpine:v3.16apache22.4.35-r0, 2.2.21-r1, 2.2.16-r0
Alpine:v3.19apache22.4.23-r5, 2.4.23-r6, 2.4.23-r7
Alpine:v3.15apache20, 2.4.9-r1, 2.4.9-r0
Alpine:v3.22apache22.2.21-r3, 2.2.22-r1, 2.4.10-r0
Alpine:v3.17apache22.4.4-r1, 2.4.9-r1, 2.4.9-r0
Alpine:v3.18apache22.4.29-r1, 2.4.29-r0, 2.4.23-r10

Timeline

References

Open in Interactive Console →