Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.
                
            References
                    | Link | Resource | 
|---|---|
| https://httpd.apache.org/security/vulnerabilities_24.html | Release Notes Vendor Advisory | 
| https://security.gentoo.org/glsa/202309-01 | |
| https://httpd.apache.org/security/vulnerabilities_24.html | Release Notes Vendor Advisory | 
| https://security.gentoo.org/glsa/202309-01 | 
Configurations
                    History
                    No history.
Information
                Published : 2023-01-17 20:15
Updated : 2025-04-04 18:15
NVD link : CVE-2022-37436
Mitre link : CVE-2022-37436
CVE.ORG link : CVE-2022-37436
JSON object : View
Products Affected
                apache
- http_server
