Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
References
Configurations
History
07 Nov 2023, 03:47
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
19 Aug 2022, 12:54
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Netapp Netapp clustered Data Ontap Fedoraproject fedora |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/ - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202208-20 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/ - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220624-0005/ - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
15 Aug 2022, 11:21
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Jul 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Jul 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Jun 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Jun 2022, 19:19
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/06/08/8 - Mailing List, Third Party Advisory | |
References | (MISC) https://httpd.apache.org/security/vulnerabilities_24.html - Vendor Advisory | |
CWE | CWE-345 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
First Time |
Apache
Apache http Server |
|
CPE | cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* |
09 Jun 2022, 17:33
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-09 17:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-31813
Mitre link : CVE-2022-31813
CVE.ORG link : CVE-2022-31813
JSON object : View
Products Affected
netapp
- clustered_data_ontap
apache
- http_server
fedoraproject
- fedora