Unrated severityNVD Advisory· Published Jan 17, 2023· Updated Apr 4, 2025
Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting
CVE-2022-37436
Description
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
46<2.4.55+ 1 more
- (no CPE)range: <2.4.55
- (no CPE)range: 0
- osv-coords44 versionspkg:bitnami/apachepkg:rpm/almalinux/httpdpkg:rpm/almalinux/httpd-corepkg:rpm/almalinux/httpd-develpkg:rpm/almalinux/httpd-filesystempkg:rpm/almalinux/httpd-manualpkg:rpm/almalinux/httpd-toolspkg:rpm/almalinux/mod_http2pkg:rpm/almalinux/mod_ldappkg:rpm/almalinux/mod_luapkg:rpm/almalinux/mod_mdpkg:rpm/almalinux/mod_proxy_htmlpkg:rpm/almalinux/mod_sessionpkg:rpm/almalinux/mod_sslpkg:rpm/opensuse/apache2&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/apache2&distro=openSUSE%20Tumbleweedpkg:rpm/suse/apache2&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/apache2&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/apache2&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/apache2&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/apache2&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.2pkg:rpm/suse/apache2&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/apache2&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/apache2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 2.4.55+ 43 more
- (no CPE)range: < 2.4.55
- (no CPE)range: < 2.4.37-51.module_el8.7.0+3405+9516b832.1
- (no CPE)range: < 2.4.53-7.el9_1.1
- (no CPE)range: < 2.4.37-51.module_el8.7.0+3405+9516b832.1
- (no CPE)range: < 2.4.37-51.module_el8.7.0+3405+9516b832.1
- (no CPE)range: < 2.4.37-51.module_el8.7.0+3405+9516b832.1
- (no CPE)range: < 2.4.37-51.module_el8.7.0+3405+9516b832.1
- (no CPE)range: < 1.15.7-5.module_el8.6.0+2872+fe0ff7aa
- (no CPE)range: < 2.4.37-51.module_el8.7.0+3405+9516b832.1
- (no CPE)range: < 2.4.53-7.el9_1.1
- (no CPE)range: < 1:2.0.8-8.module_el8.6.0+2872+fe0ff7aa
- (no CPE)range: < 1:2.4.37-51.module_el8.7.0+3405+9516b832.1
- (no CPE)range: < 2.4.37-51.module_el8.7.0+3405+9516b832.1
- (no CPE)range: < 1:2.4.37-51.module_el8.7.0+3405+9516b832.1
- (no CPE)range: < 2.4.51-150400.6.6.1
- (no CPE)range: < 2.4.55-1.1
- (no CPE)range: < 2.4.33-150000.3.72.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.33-150000.3.72.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.51-150400.6.6.1
- (no CPE)range: < 2.4.51-150400.6.6.1
- (no CPE)range: < 2.4.51-150400.6.6.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.23-29.94.1
- (no CPE)range: < 2.4.23-29.94.1
- (no CPE)range: < 2.4.51-35.22.1
- (no CPE)range: < 2.4.33-150000.3.72.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.23-29.94.1
- (no CPE)range: < 2.4.51-35.22.1
- (no CPE)range: < 2.4.33-150000.3.72.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.51-35.22.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.23-29.94.1
- (no CPE)range: < 2.4.23-29.94.1
Patches
Vulnerability mechanics
References
2- httpd.apache.org/security/vulnerabilities_24.htmlmitrevendor-advisory
- security.gentoo.org/glsa/202309-01mitre
News mentions
0No linked articles in our index yet.