Description

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

Remediation

References

CVE-2022-37436

Related Vulnerabilities

SeoPanel Cross-site Scripting (XSS) Vulnerability (CVE-2020-35930)

WordPress Plugin Yes-co ORES Cross-Site Scripting (1.3.44)

Joomla CVE-2022-23799 Vulnerability (CVE-2022-23799)

IBM WebSEAL Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1815)

MySQL CVE-2019-3009 Vulnerability (CVE-2019-3009)

Severity

Medium

Classification

CVE-2022-37436 CWE-436 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities