CVE-2022-31813

Description

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server, based on the client-side Connection header hop-by-hop mechanism. This may be used to bypass IP-based authentication on the origin server/application.

Risk Information

Base Score: 9.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.038

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities are fixed in IBM HTTP 8.5.5.23 | Windows
Multiple vulnerabilities are fixed in IBM HTTP 9.0.5.13 | Windows
Multiple vulnerabilities are affected in Oracle HTTP Server 12.2.1.4.0 | Windows
Vulnerabilities CVE-2022-31813 are fixed in Oracle Secure Backup 18.1.0.2.0 | Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0 | Windows
Multiple Vulnerabilities are affected in IBM Aspera Faspex 4.4.2 | Windows
Apache HTTP server (USN-5487-1) apache2_2.4.52-1ubuntu4.1_i386.deb | Linux
Apache HTTP server (USN-5487-1) apache2_2.4.52-1ubuntu4.1_amd64.deb | Linux
Apache HTTP server (USN-5487-1) apache2_2.4.29-1ubuntu4.24_i386.deb | Linux
Apache HTTP server (USN-5487-1) apache2_2.4.29-1ubuntu4.24_amd64.deb | Linux
Apache HTTP server (USN-5487-1) apache2_2.4.41-4ubuntu3.12_i386.deb | Linux
Apache HTTP server (USN-5487-1) apache2_2.4.41-4ubuntu3.12_amd64.deb | Linux
Apache HTTP server (USN-5487-1) apache2_2.4.48-3.1ubuntu3.5_i386.deb | Linux
Apache HTTP server (USN-5487-1) apache2_2.4.48-3.1ubuntu3.5_amd64.deb | Linux
Apache HTTP server (USN-5487-1) apache2-bin_2.4.52-1ubuntu4.6_i386.deb | Linux
Apache HTTP server (USN-5487-1) apache2-bin_2.4.52-1ubuntu4.6_amd64.deb | Linux
Apache HTTP server (USN-5487-1) apache2-bin_2.4.29-1ubuntu4.24_i386.deb | Linux
Apache HTTP server (USN-5487-1) apache2-bin_2.4.29-1ubuntu4.24_amd64.deb | Linux
Apache HTTP server (USN-5487-1) apache2-bin_2.4.41-4ubuntu3.14_i386.deb | Linux
Apache HTTP server (USN-5487-1) apache2-bin_2.4.41-4ubuntu3.14_amd64.deb | Linux
Apache HTTP server (USN-5487-1) apache2-bin_2.4.48-3.1ubuntu3.5_i386.deb | Linux
Apache HTTP server (USN-5487-1) apache2-bin_2.4.48-3.1ubuntu3.5_amd64.deb | Linux
Apache HTTP server (USN-5487-3) apache2_2.4.29-1ubuntu4.25_i386.deb | Linux
Apache HTTP server (USN-5487-3) apache2_2.4.29-1ubuntu4.25_amd64.deb | Linux
Apache HTTP server (USN-5487-3) apache2-bin_2.4.29-1ubuntu4.27_i386.deb | Linux
Apache HTTP server (USN-5487-3) apache2-bin_2.4.29-1ubuntu4.27_amd64.deb | Linux
Httpd update (ELSA-2022-9675) httpd-2.4.6-97.0.7.el7_9.5.x86_64.rpm | Linux
Httpd-devel update (ELSA-2022-9675) httpd-devel-2.4.6-97.0.7.el7_9.5.x86_64.rpm | Linux
Httpd-manual update (ELSA-2022-9675) httpd-manual-2.4.6-97.0.7.el7_9.5.noarch.rpm | Linux
Httpd-tools update (ELSA-2022-9675) httpd-tools-2.4.6-97.0.7.el7_9.5.x86_64.rpm | Linux
Mod_ldap update (ELSA-2022-9675) mod_ldap-2.4.6-97.0.7.el7_9.5.x86_64.rpm | Linux
Mod_proxy_html update (ELSA-2022-9675) mod_proxy_html-2.4.6-97.0.7.el7_9.5.x86_64.rpm | Linux
Mod_session update (ELSA-2022-9675) mod_session-2.4.6-97.0.7.el7_9.5.x86_64.rpm | Linux
Mod_ssl update (ELSA-2022-9675) mod_ssl-2.4.6-97.0.7.el7_9.5.x86_64.rpm | Linux
Httpd update (ELSA-2022-9682) httpd-2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2.x86_64.rpm | Linux
Httpd-devel update (ELSA-2022-9682) httpd-devel-2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2.x86_64.rpm | Linux
Httpd-filesystem update (ELSA-2022-9682) httpd-filesystem-2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2.noarch.rpm | Linux
Httpd-manual update (ELSA-2022-9682) httpd-manual-2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2.noarch.rpm | Linux
Httpd-tools update (ELSA-2022-9682) httpd-tools-2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2.x86_64.rpm | Linux
Mod_http2 update (ELSA-2022-9682) mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.x86_64.rpm | Linux
Mod_ldap update (ELSA-2022-9682) mod_ldap-2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2.x86_64.rpm | Linux
Mod_md update (ELSA-2022-9682) mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm | Linux
Mod_proxy_html update (ELSA-2022-9682) mod_proxy_html-2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2.x86_64.rpm | Linux
Mod_session update (ELSA-2022-9682) mod_session-2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2.x86_64.rpm | Linux
Mod_ssl update (ELSA-2022-9682) mod_ssl-2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2.x86_64.rpm | Linux
Httpd update (ELSA-2022-9680) httpd-2.4.51-7.0.2.el9_0.x86_64.rpm | Linux
Httpd-devel update (ELSA-2022-9680) httpd-devel-2.4.51-7.0.2.el9_0.x86_64.rpm | Linux
Httpd-filesystem update (ELSA-2022-9680) httpd-filesystem-2.4.51-7.0.2.el9_0.noarch.rpm | Linux
Httpd-manual update (ELSA-2022-9680) httpd-manual-2.4.51-7.0.2.el9_0.noarch.rpm | Linux
Httpd-tools update (ELSA-2022-9680) httpd-tools-2.4.51-7.0.2.el9_0.x86_64.rpm | Linux
Mod_ldap update (ELSA-2022-9680) mod_ldap-2.4.51-7.0.2.el9_0.x86_64.rpm | Linux
Mod_lua update (ELSA-2022-9680) mod_lua-2.4.51-7.0.2.el9_0.x86_64.rpm | Linux
Mod_proxy_html update (ELSA-2022-9680) mod_proxy_html-2.4.51-7.0.2.el9_0.x86_64.rpm | Linux
Mod_session update (ELSA-2022-9680) mod_session-2.4.51-7.0.2.el9_0.x86_64.rpm | Linux
Mod_ssl update (ELSA-2022-9680) mod_ssl-2.4.51-7.0.2.el9_0.x86_64.rpm | Linux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update httpd-2.4.53-7.el9.x86_64.rpm | Linux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update httpd-core-2.4.53-7.el9.x86_64.rpm | Linux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update httpd-debugsource-2.4.53-7.el9.x86_64.rpm | Linux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update httpd-devel-2.4.53-7.el9.x86_64.rpm | Linux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update httpd-filesystem-2.4.53-7.el9.noarch.rpm | Linux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update httpd-manual-2.4.53-7.el9.noarch.rpm | Linux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update httpd-tools-2.4.53-7.el9.x86_64.rpm | Linux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update mod_ldap-2.4.53-7.el9.x86_64.rpm | Linux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update mod_lua-2.4.53-7.el9.x86_64.rpm | Linux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update mod_proxy_html-2.4.53-7.el9.x86_64.rpm | Linux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update mod_session-2.4.53-7.el9.x86_64.rpm | Linux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update mod_ssl-2.4.53-7.el9.x86_64.rpm | Linux
Httpd update (ELSA-2023-1593) httpd-2.4.6-98.0.3.el7_9.7.x86_64.rpm | Linux
Httpd-devel update (ELSA-2023-1593) httpd-devel-2.4.6-98.0.3.el7_9.7.x86_64.rpm | Linux
Httpd-manual update (ELSA-2023-1593) httpd-manual-2.4.6-98.0.3.el7_9.7.noarch.rpm | Linux
Httpd-tools update (ELSA-2023-1593) httpd-tools-2.4.6-98.0.3.el7_9.7.x86_64.rpm | Linux
Mod_session update (ELSA-2023-1593) mod_session-2.4.6-98.0.3.el7_9.7.x86_64.rpm | Linux
Mod_ssl update (ELSA-2023-1593) mod_ssl-2.4.6-98.0.3.el7_9.7.x86_64.rpm | Linux
SUSE-SU-2022:2342-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) apache2-utils-debuginfo-2.4.51-150200.3.48.1.x86_64.rpm | Linux
SUSE-SU-2022:2342-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) apache2-prefork-debuginfo-2.4.51-150200.3.48.1.x86_64.rpm | Linux
Apache HTTP server (USN-5487-1) apache2-bin_2.4.52-1ubuntu4.1_i386.deb | Linux
Apache HTTP server (USN-5487-1) apache2-bin_2.4.52-1ubuntu4.1_amd64.deb | Linux
Apache HTTP server (USN-5487-1) apache2-bin_2.4.41-4ubuntu3.12_i386.deb | Linux
Apache HTTP server (USN-5487-1) apache2-bin_2.4.41-4ubuntu3.12_amd64.deb | Linux
Apache HTTP server (USN-5487-3) apache2-bin_2.4.29-1ubuntu4.25_i386.deb | Linux
Apache HTTP server (USN-5487-3) apache2-bin_2.4.29-1ubuntu4.25_amd64.deb | Linux
Insufficient Verification of Data Authenticity Vulnerability (CVE-2022-31813) | NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234