VulnerableCode Package Details - pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.57-5?arch=el8jbcs

Search for packages

Vulnerability	Summary	Fixed by
VCID-4c3m-m6ku-kbhq Aliases: CVE-2023-27522 GHSA-vcph-37mh-fqrh	HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.	There are no reported fixed by versions.
VCID-6qk8-1cj1-4fh7 Aliases: CVE-2022-36760	Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.	There are no reported fixed by versions.
VCID-htfx-mahy-9kde Aliases: CVE-2022-37436	Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-4c3m-m6ku-kbhq
Aliases:
CVE-2023-27522
GHSA-vcph-37mh-fqrh

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.

There are no reported fixed by versions.

VCID-6qk8-1cj1-4fh7
Aliases:
CVE-2022-36760

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

There are no reported fixed by versions.

VCID-htfx-mahy-9kde
Aliases:
CVE-2022-37436

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:55:44.135169+00:00	RedHat Importer	Affected by	VCID-6qk8-1cj1-4fh7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36760.json	38.0.0
2026-04-01T13:55:43.997401+00:00	RedHat Importer	Affected by	VCID-htfx-mahy-9kde	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37436.json	38.0.0
2026-04-01T13:55:10.241127+00:00	RedHat Importer	Affected by	VCID-4c3m-m6ku-kbhq	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27522.json	38.0.0