What is CVE-2022-37436?

CVE-2022-37436 is a vulnerability in Apache Software Foundation Http Server, classified under HTTP Response Splitting. Published 2023-01-17.

Is CVE-2022-37436 known to be exploited?

13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Http Server

CVE-2022-37436

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will no…

EPSS: 0.579 (99.0th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Http Server — versions 0

Weakness classification (CWE)

CWE-113 — HTTP Response Splitting

Public proof-of-concept exploits

References

httpd.apache.org/security/vulnerabilities_24.html (vendor-advisory)
security.gentoo.org/glsa/202309-01

Frequently asked questions

What is CVE-2022-37436?: CVE-2022-37436 is a vulnerability in Apache Software Foundation Http Server, classified under HTTP Response Splitting. Published 2023-01-17.
Is CVE-2022-37436 known to be exploited?: 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.