CVE-2022-37436

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') (CWE-113)

Published: Jan 17, 2023 / Updated: 22mo ago

CVSS 5.3 / EPSS 0.04% / Medium

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2022-37436.

Jan 17, 2023 at 7:24 PM / www.openwall.com
Threat Intelligence Report

CVE-2022-37436 is a critical vulnerability with a CVSS score of X. It is currently being exploited in the wild by unknown actors. There are no known workarounds, proof-of-concept exploits, or patches available, posing a significant risk to affected systems and potentially impacting third-party vendors and technologies.

Mar 11, 2023 at 4:47 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 10.9%)

Sep 21, 2023 at 2:02 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (503858)

Jan 4, 2024 at 12:00 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (380719)

Oct 16, 2024 at 7:53 AM

Affected Systems

Apache/http_server

Patches

bugzilla.redhat.com

Attack Patterns

CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies

Vendor Advisory

HP Device Manager Security Updates
HP Reference: HPSBHF03842 Release Date: 2023-04-13 Update Date: 2023-04-13 Category: Cloud Client Software Severity / Potential impact Severity: Critical

References

Apache HTTP Server 2.4 vulnerabilities
Apache HTTP Server versions 2.4.0 to 2.4.46: a specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial of Service. Apache HTTP Server versions 2.4.41 to 2.4.46: mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service.
Apache HTTPD Changes for 2.4.55 including CVE-2022-37436 for mod_proxy
Article URL: https://downloads.apache.org/httpd/CHANGES_2.4.55. Comments URL: https://news.ycombinator.com/item?id=34478456 (2 points, 0 comments).
Bluepurple Pulse: week ending March 12th
The connection between the tools and TTPs (Tactics, Techniques and Procedures) of Sharp Panda and the previously mentioned attacks in Southeast Asia might serve as yet another example of key characteristics inherent to Chinese-based APT operations, such as sharing custom tools between groups or task specialization, where one entity is responsible for the initial infection and another one performs the actual intelligence gathering. Following the identification of this campaign, [We] responded to multiple UNC2970 intrusions targeting U.S. and European media organizations through spear-phishing that used a job recruitment theme and demonstrated advancements in the group's ability to operate in cloud environments and against Endpoint Detection and Response (EDR) tools.

News

Oracle Linux 9 : httpd (ELSA-2024-9306)
Nessus Plugin ID 211533 with High Severity. Synopsis: The remote Oracle Linux host is missing one or more security updates. Description: The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9306 advisory.
- Resolves: RHEL-52724 - Regression introduced by CVE-2024-38474 fix
- Resolves: RHEL-31856 - httpd: HTTP response splitting (CVE-2023-38709)
- Resolves: RHEL-31859 - httpd: HTTP Response Splitting in multiple modules (CVE-2024-24795)
- Resolves: RHEL-14447 - httpd: mod_macro:
Security bulletins - Product Documentation
WebSphere Commerce Version 8, June 23, 2023, CVE-2023-24998: Multiple vulnerabilities in IBM WebSphere Application Server affect HCL Commerce (component: WebSphere Application Server).
WebSphere Commerce Version 8, June 23, 2023, CVE-2023-30441 and CVE-2023-25690: Multiple vulnerabilities in IBM Java SDK and IBM HTTP Server included with IBM WebSphere Application Server affect HCL Commerce (components: IBM Java SDK and IBM HTTP Server).
Multiple vulnerabilities in IBM Cloud Pak System
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Critical Apache HTTP Server Vulnerabilities Expose Millions of Websites to Cyber Attack
A vulnerability in the core of Apache HTTP Server 2.4.59 and earlier allows information disclosure, SSRF, or local script execution via backend applications with malicious or exploitable response headers. A null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.
RHEL 7 : httpd (Unpatched Vulnerability)
Nessus Plugin ID 195442 with Critical Severity. Synopsis: The remote Red Hat 7 host is affected by multiple vulnerabilities that will not be patched. Description: The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
- httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
- Apache HTTP Server versions 2.4.6 to 2.4.46: mod_proxy_wstunnel configured on a URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. (CVE-2019-17567)
- Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor could the Apache HTTP Server team create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow. (CVE-2020-35452)
- Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial of Service. (CVE-2021-26690)
- Apache HTTP Server versions 2.4.39 to 2.4.46: Unexpected matching behavior with 'MergeSlashes OFF'. (CVE-2021-30641)
- A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. (CVE-2021-33193)
- A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability Impact: None
