PT-2022-1920 · Apache+11 · Apache HTTP Server+11

Published: 2022-03-14 · Updated: 2026-01-01 · CVE-2022-22720

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.52 and earlier

Description: The issue is related to the improper handling of HTTP requests, which can allow a remote attacker to perform an HTTP Request Smuggling attack. This occurs when the server fails to close an inbound connection after encountering errors while discarding the request body. The vulnerability can be exploited by sending a specially crafted HTTP request to the server, allowing the attacker to smuggle arbitrary HTTP headers.

Recommendations: For Apache HTTP Server versions 2.4.52 and earlier, update to version 2.4.53 to resolve the issue.

Exploit

Fix

HTTP Request/Response Smuggling


Weakness Enumeration

Related Identifiers

ALSA-2022:1049
ALT-PU-2022-1522
ALT-PU-2022-1553
ALT-PU-2022-1574
ALT-PU-2022-1602
AZL-9016
BDU:2022-01456
BIT-APACHE-2022-22720
CESA-2022_1045
CESA-2022_1049
CVE-2022-22720
DLA-2960-1
MGASA-2022-0105
OESA-2022-1596
OPENSUSE-SU-2022:1031-1
OPENSUSE-SU-2022_1031-1
OPENSUSE-SU-2024:11919-1
RHSA-2022:1045
RHSA-2022:1049
RHSA-2022:1072
RHSA-2022:1075
RHSA-2022:1080
RHSA-2022:1102
RHSA-2022:1136
RHSA-2022:1137
RHSA-2022:1138
RHSA-2022:1139
RHSA-2022:1173
RHSA-2022:1389
RHSA-2022_1045
RHSA-2022_1049
RHSA-2022_1173
RLSA-2022:1049
ROSA-SA-2023-2158
SUSE-SU-2022:0918-1
SUSE-SU-2022:0928-1
SUSE-SU-2022:0929-1
SUSE-SU-2022:1031-1
SUSE-SU-2022:14924-1
SUSE-SU-2022_14924-1
USN-5333-1
USN-5333-2

Affected Products

ALT Linux
AlmaLinux
Apache HTTP Server
Astra Linux
CentOS
Linux Mint
Apple macOS
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu