Posted to cvs@httpd.apache.org by jo...@apache.org on 2023/01/20 12:54:22 UTC

svn propchange: r1906539 - svn:log

Author: jorton
Revision: 1906539
Modified property: svn:log

Modified: svn:log at Fri Jan 20 12:54:22 2023
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Fri Jan 20 12:54:22 2023
@@ -1 +1,9 @@
+SECURITY: CVE-2022-37436 (cve.mitre.org)
+
+Prior to Apache HTTP Server 2.4.55, a malicious backend can
+cause the response headers to be truncated early, resulting in
+some headers being incorporated into the response body. If the
+later headers have any security purpose, they will not be
+interpreted by the client.
+
 fail on bad header
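
Review bot: The closing line "fail on bad header" is still the only description of the code change itself, and the advisory text added above it does not name the affected module or code path or say what "fail" means for the client. Consider one more sentence tying the fix to the advisory, stating what happens to the response when a bad backend header is encountered and which headers count as bad. The "(cve.mitre.org)" on the SECURITY line names only a host; the full CVE record URL would let a reader reach the entry directly from the log.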