← Back

CVE-2022-31813

nvd nist
Published: Jun 9, 2022Modified: May 1, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.

Affected (4)

Apache
1 product
Http Server
Netapp
1 product
Clustered Data Ontap
Fedoraproject
1 product
Fedora
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Http Server
Before 2.4.54
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Clustered Data Ontap
All versions
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 35
Fedora
Version 36

Related CWEs

CWE-345
Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
CWE-348
Use of Less Trusted Source
The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.

References (12)

Source: security@apache.org
Mailing ListThird Party Advisory
Source: security@apache.org
Vendor Advisory
Source: security@apache.org
Third Party Advisory
Source: security@apache.org
Third Party Advisory
Source: security@apache.org
Third Party Advisory
Source: security@apache.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.