VDB
DEBIAN-CVE-2022-37436
DEBIAN-CVE-2022-37436
PUBLISHED
CVSS 5.300000190734863 MEDIUM
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | apache2 | *, 2.4.54-5, 2.4.55-1 |
| Debian:14 | apache2 | 0, 0, 0 |
| Debian:12 | apache2 | 0, 0, 0 |
| Debian:13 | apache2 | 0, 0, 0 |
Timeline
- Jan 17, 2023 CVE Published
- Apr 28, 2026 CVE Updated