Vulnerability CVE-2022-36760: Information

Description

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

Severity: CRITICAL (9.0) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-36760
Published: Jan. 17, 2023
Modified: Sept. 9, 2023
Error type identifier: CWE-444

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
apache2sisyphus2.4.55-alt12.4.59-alt1ALT-PU-2023-1165-1314494Fixed
apache2sisyphus_e2k2.4.55-alt12.4.59-alt1ALT-PU-2023-2412-1-Fixed
apache2sisyphus_riscv642.4.55-alt12.4.59-alt1ALT-PU-2023-2418-1-Fixed
apache2p102.4.55-alt12.4.59-alt1ALT-PU-2023-1189-1314495Fixed
apache2p10_e2k2.4.55-alt12.4.59-alt1ALT-PU-2023-2472-1-Fixed
apache2p92.4.55-alt12.4.58-alt1ALT-PU-2023-1260-1314497Fixed
apache2p9_e2k2.4.55-alt12.4.57-alt2ALT-PU-2023-2671-1-Fixed
apache2c10f12.4.55-alt12.4.59-alt1ALT-PU-2023-1189-1314495Fixed
apache2c9f22.4.55-alt12.4.59-alt1ALT-PU-2023-1380-1314496Fixed
apache2p112.4.55-alt12.4.59-alt1ALT-PU-2023-1165-1314494Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://httpd.apache.org/security/vulnerabilities_24.html
  • Mailing List
  • Vendor Advisory
https://security.gentoo.org/glsa/202309-01

      1. Configuration 1

        cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
        Start including
        2.4.0
        End excliding
        2.4.55
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.3
    Back to top