{"id":"MGASA-2023-0032","summary":"Updated apache packages fix security vulnerability","details":"CVE-2022-37436: Apache HTTP Server: mod_proxy prior to 2.4.55 allows a\nbackend to trigger HTTP response splitting. Prior to 2.4.55, a malicious\nbackend can cause the response headers to be truncated early, resulting in\nsome headers being incorporated into the response body. If the later\nheaders have any security purpose, they will not be interpreted by the\nclient. Credits: Dimas Fariski Setyawan Putra (@nyxsorcerer)\n\nCVE-2022-36760: Apache HTTP Server: mod_proxy_ajp Possible request\nsmuggling. Inconsistent Interpretation of HTTP Requests ('HTTP Request\nSmuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an\nattacker to smuggle requests to the AJP server it forwards requests to.\nCredits: ZeddYu_Lu from Qi'anxin Research Institute of Legendsec at\nQi'anxin Group\n\nCVE-2006-20001: mod_dav out of  bounds read, or write of zero byte\nA carefully crafted If: request header can cause a memory read, or write\nof a single zero byte, in a pool (heap) memory location beyond the header\nvalue sent. This could cause the process to crash.\n","modified":"2026-04-16T04:44:44.987090309Z","published":"2023-02-07T00:06:39Z","upstream":["CVE-2006-20001","CVE-2022-36760","CVE-2022-37436"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0032.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31427"},{"type":"WEB","url":"https://downloads.apache.org/httpd/CHANGES_2.4.55"}],"affected":[{"package":{"name":"apache","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/apache?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.55-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0032.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}