PT-2022-6218 · Apache+10 · Apache Http Server+10

Zeddyu_Lu · Published 2022-07-12 · Updated 2026-02-25 · CVE-2022-36760

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions 2.4.54 and prior

Description

The issue is an inconsistent interpretation of HTTP requests, also known as 'HTTP Request Smuggling', in the mod_proxy_ajp module of the Apache HTTP Server. It allows an attacker to smuggle requests to the AJP server that the module forwards requests to. The vulnerability is associated with deficiencies in the processing of the Transfer-Encoding header.

Recommendations

For Apache HTTP Server versions 2.4.54 and prior, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

HTTP Request/Response Smuggling

Weakness Enumeration

Related Identifiers

ALSA-2023:0852
ALSA-2023:0970
ALT-PU-2023-1165
ALT-PU-2023-1189
ALT-PU-2023-1260
ALT-PU-2023-1380
AZL-13027
BDU:2023-00495
BIT-APACHE-2022-36760
CESA-2023_0852
CVE-2022-36760
DLA-3351-1
DSA-5376-1
MGASA-2023-0032
OESA-2023-1052
OPENSUSE-SU-2023_0322-1
OPENSUSE-SU-2024:12635-1
RHSA-2023:0852
RHSA-2023:0970
RHSA-2023:4629
RHSA-2023_0852
RHSA-2023_0970
RLSA-2023:0852
RLSA-2023:0970
SUSE-SU-2023:0183-1
SUSE-SU-2023:0185-1
SUSE-SU-2023:0294-1
SUSE-SU-2023:0321-1
SUSE-SU-2023:0322-1
USN-5834-1
USN-5839-1

Affected Products

Alt Linux
Almalinux
Apache Http Server
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu