CVE-2022-31813

CRITICAL LAB

Apache HTTP Server < 2.4.54 - Insufficient Verification of Data Authenticity via X-Forwarded-* Headers

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-31813. PoCs published by dodiorne, yiliufeng168.

AI-analyzed exploit summary This repository contains a black-box vulnerability scanner for CVE-2022-31813, a path traversal and access control bypass vulnerability in Apache HTTP Server ≤ 2.4.53 using mod_proxy and ProxyPassMatch. The tool tests multiple bypass vectors, captures screenshots, and logs results in a structured CSV report.

Description

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.

Exploits (2)

nomisec SCANNER 1 stars
by dodiorne · poc
https://github.com/dodiorne/cve-2022-31813

This repository contains a black-box vulnerability scanner for CVE-2022-31813, a path traversal and access control bypass vulnerability in Apache HTTP Server ≤ 2.4.53 using mod_proxy and ProxyPassMatch. The tool tests multiple bypass vectors, captures screenshots, and logs results in a structured CSV report.

Classification
Scanner 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Apache HTTP Server ≤ 2.4.53
No auth needed
Prerequisites: Python 3.8+ · requests library · selenium library · pandas library · Google Chrome · ChromeDriver
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by yiliufeng168 · poc
https://github.com/yiliufeng168/CVE-2022-31813

This repository contains a functional PoC for CVE-2022-31813, demonstrating an HTTP request smuggling vulnerability via hop-by-hop header manipulation. The exploit bypasses IP-based access controls by injecting malicious headers (X-Real-IP, Connection) to spoof trusted internal traffic.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Apache HTTP Server 2.4.53 (and likely other versions)
No auth needed
Prerequisites: Network access to target server · Target server using header-based IP restrictions
devstral-2 · analyzed Mar 02, 2026 Full analysis →

References (6)

Core 6
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/06/08/8
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220624-0005/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202208-20

Scores

CVSS v3 9.8
EPSS 0.0314
EPSS Percentile 86.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Lab Environment

COMMUNITY
Community Lab
docker pull httpd:2.4.53

Details

CWE
CWE-345 CWE-348
Status published
Products (4)
apache/http_server < 2.4.54
fedoraproject/fedora 35
fedoraproject/fedora 36
netapp/clustered_data_ontap
Published Jun 09, 2022
Tracked Since Feb 18, 2026