Apache · Apache Http Server · CVE-2022-36760
**Name of the Vulnerable Software and Affected Versions**
Apache HTTP Server versions 2.4.54 and prior versions
**Description**
The issue is related to the inconsistent interpretation of HTTP requests, also known as 'HTTP Request Smuggling', in the mod proxy ajp module of the Apache HTTP Server. This allows an attacker to smuggle requests to the AJP server that the module forwards requests to. The vulnerability is associated with deficiencies in the processing of the Transfer-Encoding header.
**Recommendations**
For Apache HTTP Server versions 2.4.54 and prior versions, update to a version that includes the fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.