VDB

DEBIAN-CVE-2022-37436

DEBIAN-CVE-2022-37436 PUBLISHED CVSS 5.300000190734863 MEDIUM

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

Risk Scores

CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products

VendorProductVersions
Debian:11apache2*, 2.4.54-5, 2.4.55-1
Debian:14apache20, 0, 0
Debian:12apache20, 0, 0
Debian:13apache20, 0, 0

Timeline

  • Jan 17, 2023 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›