CVE-2022-31813 vulnerability in Apache and Other Products
Published on June 9, 2022
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
Weakness Type
Use of Less Trusted Source
The software has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.
Products Associated with CVE-2022-31813
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-31813 are published in these products:
Affected Versions
Apache Software Foundation Apache HTTP Server:- Version Apache HTTP Server 2.4, <= 2.4.53 is affected.
Exploit Probability
EPSS
0.04%
Percentile
10.96%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.