[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-37436":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":99,"aliases":100,"duplicate_of":9,"upstream":101,"downstream":102,"duplicates":137,"related":138,"reserved_at":9,"published_at":146,"modified_at":147,"state":148,"summary":149,"references_raw":158,"kevs":170,"epss":171,"epss_history":174,"metrics":449,"affected":457},"CVE-2022-37436","Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.",null,[11,85],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-113","Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')","The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.","weakness","Incomplete","Variant",[19,23,77,81],{"id":20,"name":21,"techniques":22},"CAPEC-105","HTTP Request Splitting",[],{"id":24,"name":25,"techniques":26},"CAPEC-31","Accessing/Intercepting/Modifying HTTP Cookies",[27],{"id":28,"name":29,"tactics":30,"countermeasures":34},"T1539","Steal Web Session Cookie",[31],{"id":32,"name":33},"TA0031","Credential Access",[35,40,45,49,54,59,63,67,72],{"id":36,"name":37,"tactic":38},"D3-CCSA","Credential Compromise Scope Analysis",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-CR","Credential Revocation",{"name":44},"Evict",{"id":46,"name":47,"tactic":48},"D3-ANCI","Authentication Cache Invalidation",{"name":44},{"id":50,"name":51,"tactic":52},"D3-DUC","Decoy User Credential",{"name":53},"Deceive",{"id":55,"name":56,"tactic":57},"D3-CH","Credential Hardening",{"name":58},"Harden",{"id":60,"name":61,"tactic":62},"D3-MFA","Multi-factor Authentication",{"name":58},{"id":64,"name":65,"tactic":66},"D3-CRO","Credential Rotation",{"name":58},{"id":68,"name":69,"tactic":70},"D3-RIC","Reissue Credential",{"name":71},"Restore",{"id":73,"name":74,"tactic":75},"D3-CTS","Credential Transmission Scoping",{"name":76},"Isolate",{"id":78,"name":79,"techniques":80},"CAPEC-34","HTTP Response Splitting",[],{"id":82,"name":83,"techniques":84},"CAPEC-85","AJAX Footprinting",[],{"_key":86,"id":86,"name":87,"description":88,"type":15,"status":16,"abstraction":89,"likelihood_of_exploit":9,"capec":90},"CWE-436","Interpretation Conflict","Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.","Class",[91,93,97],{"id":20,"name":21,"techniques":92},[],{"id":94,"name":95,"techniques":96},"CAPEC-273","HTTP Response Smuggling",[],{"id":78,"name":79,"techniques":98},[],[],[],[],[103,105,107,109,111,113,115,117,119,121,123,125,127,129,131,133,135],{"_key":104},"ALPINE-CVE-2022-37436",{"_key":106},"SUSE-SU-2023:0321-1",{"_key":108},"SUSE-SU-2023:0183-1",{"_key":110},"SUSE-SU-2023:0185-1",{"_key":112},"SUSE-SU-2023:0294-1",{"_key":114},"SUSE-SU-2023:0322-1",{"_key":116},"OPENSUSE-SU-2024:12635-1",{"_key":118},"DLA-3351-1",{"_key":120},"DSA-5376-1",{"_key":122},"RHSA-2023:4629",{"_key":124},"RHSA-2023:0852",{"_key":126},"RHSA-2023:0970",{"_key":128},"MGASA-2023-0032",{"_key":130},"USN-5839-1",{"_key":132},"DEBIAN-CVE-2022-37436",{"_key":134},"USN-5839-2",{"_key":136},"UBUNTU-CVE-2022-37436",[],[139,140,141,142,143,144,145],{"_key":106},{"_key":108},{"_key":110},{"_key":112},{"_key":114},{"_key":116},{"_key":128},"2023-01-17T19:12:59.968Z","2025-04-04T18:06:37.763Z","Modified",{"cisa_kev":150,"cisa_ransomware":150,"cisa_vendor":9,"epss_severity":151,"epss_score":152,"severity":153,"severity_score":154,"severity_version":155,"severity_source":156,"severity_vector":157,"severity_status":148},false,"low",0.00539,"medium",5.3,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",[159,166],{"url":160,"sources":161,"tags":163},"https://httpd.apache.org/security/vulnerabilities_24.html",[156,162],"nvd",[164,165],"Vendor Advisory","Release Notes",{"url":167,"sources":168,"tags":169},"https://security.gentoo.org/glsa/202309-01",[156,162],[],[],{"date":172,"score":152,"percentile":173},"2026-06-04",0.67928,[175,179,182,185,188,191,194,197,199,202,205,208,211,214,216,220,223,226,229,232,235,238,241,244,247,249,252,255,259,262,265,268,271,274,277,279,282,285,288,291,294,297,300,303,306,309,312,315,318,321,324,328,331,334,338,341,344,347,350,354,357,360,363,366,368,371,374,377,380,383,386,389,392,395,398,401,405,409,412,415,418,421,424,427,430,433,436,439,442,445],{"date":176,"score":177,"percentile":178},"2025-11-04",0.00525,0.66138,{"date":180,"score":177,"percentile":181},"2025-11-05",0.66115,{"date":183,"score":177,"percentile":184},"2025-11-06",0.6611,{"date":186,"score":177,"percentile":187},"2025-11-07",0.66122,{"date":189,"score":177,"percentile":190},"2025-11-08",0.66121,{"date":192,"score":177,"percentile":193},"2025-11-09",0.66109,{"date":195,"score":177,"percentile":196},"2025-11-10",0.661,{"date":198,"score":177,"percentile":193},"2025-11-11",{"date":200,"score":177,"percentile":201},"2025-11-12",0.66131,{"date":203,"score":177,"percentile":204},"2025-11-13",0.66142,{"date":206,"score":177,"percentile":207},"2025-11-14",0.66149,{"date":209,"score":177,"percentile":210},"2025-11-15",0.66145,{"date":212,"score":177,"percentile":213},"2025-11-16",0.66139,{"date":215,"score":177,"percentile":178},"2025-11-17",{"date":217,"score":218,"percentile":219},"2025-11-18",0.05547,0.89305,{"date":221,"score":218,"percentile":222},"2025-11-19",0.8931,{"date":224,"score":218,"percentile":225},"2025-11-20",0.89311,{"date":227,"score":177,"percentile":228},"2025-11-21",0.66148,{"date":230,"score":177,"percentile":231},"2025-11-22",0.66156,{"date":233,"score":177,"percentile":234},"2025-11-23",0.66143,{"date":236,"score":177,"percentile":237},"2025-11-24",0.6613,{"date":239,"score":177,"percentile":240},"2025-11-25",0.66133,{"date":242,"score":177,"percentile":243},"2025-11-26",0.6614,{"date":245,"score":177,"percentile":246},"2025-11-27",0.66144,{"date":248,"score":177,"percentile":237},"2025-11-28",{"date":250,"score":177,"percentile":251},"2025-11-29",0.66112,{"date":253,"score":177,"percentile":254},"2025-11-30",0.66107,{"date":256,"score":257,"percentile":258},"2025-12-01",0.00381,0.58883,{"date":260,"score":257,"percentile":261},"2025-12-02",0.589,{"date":263,"score":257,"percentile":264},"2025-12-03",0.58903,{"date":266,"score":177,"percentile":267},"2025-12-04",0.66104,{"date":269,"score":177,"percentile":270},"2025-12-05",0.66116,{"date":272,"score":177,"percentile":273},"2025-12-06",0.66123,{"date":275,"score":177,"percentile":276},"2025-12-07",0.66117,{"date":278,"score":177,"percentile":187},"2025-12-08",{"date":280,"score":177,"percentile":281},"2025-12-09",0.66153,{"date":283,"score":177,"percentile":284},"2025-12-10",0.66202,{"date":286,"score":177,"percentile":287},"2025-12-11",0.66221,{"date":289,"score":177,"percentile":290},"2025-12-12",0.66245,{"date":292,"score":177,"percentile":293},"2025-12-13",0.66252,{"date":295,"score":177,"percentile":296},"2025-12-14",0.66253,{"date":298,"score":177,"percentile":299},"2025-12-15",0.6625,{"date":301,"score":177,"percentile":302},"2025-12-16",0.66264,{"date":304,"score":177,"percentile":305},"2025-12-17",0.66279,{"date":307,"score":177,"percentile":308},"2025-12-18",0.66317,{"date":310,"score":177,"percentile":311},"2025-12-19",0.66332,{"date":313,"score":177,"percentile":314},"2025-12-20",0.6633,{"date":316,"score":177,"percentile":317},"2025-12-21",0.66321,{"date":319,"score":177,"percentile":320},"2025-12-22",0.66319,{"date":322,"score":177,"percentile":323},"2025-12-23",0.66313,{"date":325,"score":326,"percentile":327},"2025-12-24",0.00432,0.62089,{"date":329,"score":326,"percentile":330},"2025-12-25",0.6212,{"date":332,"score":326,"percentile":333},"2025-12-26",0.62116,{"date":335,"score":336,"percentile":337},"2025-12-27",0.00405,0.60506,{"date":339,"score":326,"percentile":340},"2025-12-28",0.62093,{"date":342,"score":326,"percentile":343},"2025-12-29",0.62091,{"date":345,"score":326,"percentile":346},"2025-12-30",0.62108,{"date":348,"score":326,"percentile":349},"2025-12-31",0.6213,{"date":351,"score":352,"percentile":353},"2026-01-01",0.00313,0.54217,{"date":355,"score":352,"percentile":356},"2026-01-02",0.54196,{"date":358,"score":352,"percentile":359},"2026-01-03",0.54189,{"date":361,"score":326,"percentile":362},"2026-01-04",0.62121,{"date":364,"score":326,"percentile":365},"2026-01-05",0.62111,{"date":367,"score":326,"percentile":330},"2026-01-06",{"date":369,"score":326,"percentile":370},"2026-01-07",0.6214,{"date":372,"score":326,"percentile":373},"2026-01-08",0.62163,{"date":375,"score":326,"percentile":376},"2026-01-09",0.62166,{"date":378,"score":326,"percentile":379},"2026-01-10",0.62159,{"date":381,"score":326,"percentile":382},"2026-01-11",0.62144,{"date":384,"score":326,"percentile":385},"2026-01-12",0.62122,{"date":387,"score":326,"percentile":388},"2026-01-13",0.621,{"date":390,"score":326,"percentile":391},"2026-01-14",0.62143,{"date":393,"score":326,"percentile":394},"2026-01-15",0.62142,{"date":396,"score":326,"percentile":397},"2026-01-16",0.62161,{"date":399,"score":326,"percentile":400},"2026-01-17",0.62155,{"date":402,"score":403,"percentile":404},"2026-01-18",0.00535,0.6684,{"date":406,"score":407,"percentile":408},"2026-01-19",0.00504,0.65524,{"date":410,"score":407,"percentile":411},"2026-01-20",0.65537,{"date":413,"score":407,"percentile":414},"2026-01-21",0.65548,{"date":416,"score":407,"percentile":417},"2026-01-22",0.65557,{"date":419,"score":407,"percentile":420},"2026-01-23",0.6559,{"date":422,"score":407,"percentile":423},"2026-01-24",0.65596,{"date":425,"score":407,"percentile":426},"2026-01-25",0.65565,{"date":428,"score":407,"percentile":429},"2026-01-26",0.65555,{"date":431,"score":407,"percentile":432},"2026-01-27",0.65563,{"date":434,"score":407,"percentile":435},"2026-01-28",0.65577,{"date":437,"score":407,"percentile":438},"2026-01-29",0.65578,{"date":440,"score":407,"percentile":441},"2026-01-30",0.65586,{"date":443,"score":407,"percentile":444},"2026-01-31",0.65588,{"date":446,"score":447,"percentile":448},"2026-02-01",0.00365,0.58132,[450,455],{"source":156,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":451,"cvss_v4_0":9},{"baseScore":154,"baseSeverity":452,"vectorString":157,"impactScore":453,"exploitabilityScore":454},"MEDIUM",2.3,10,{"source":162,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":456,"cvss_v4_0":9},{"baseScore":154,"baseSeverity":452,"vectorString":157,"impactScore":453,"exploitabilityScore":454},[458,469],{"ecosystem":9,"name":459,"vendor":460,"product":461,"cpe_part":462,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":463},"Apache HTTP Server","apache software foundation","apache http server","a",[464],{"version":465,"is_range":466,"range_type":156,"version_start":9,"version_start_type":9,"version_end":467,"version_end_type":468,"fixed_in":9},"\u003C 2.4.55",true,"2.4.55","excluding",{"ecosystem":9,"name":470,"vendor":9,"product":470,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":471},"HTTP Server",[472],{"version":473,"is_range":466,"range_type":474,"version_start":9,"version_start_type":9,"version_end":467,"version_end_type":468,"fixed_in":9},"lt2.4.55","cpe"]