CVE-2022-22720

critical

Description

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

References

https://www.oracle.com/security-alerts/cpujul2022.html

https://www.oracle.com/security-alerts/cpuapr2022.html

https://support.apple.com/kb/HT213257

https://support.apple.com/kb/HT213256

https://support.apple.com/kb/HT213255

https://security.netapp.com/advisory/ntap-20220321-0001/

https://security.gentoo.org/glsa/202208-20

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/

https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html

http://www.openwall.com/lists/oss-security/2022/03/14/3

http://seclists.org/fulldisclosure/2022/May/38

http://seclists.org/fulldisclosure/2022/May/35

http://seclists.org/fulldisclosure/2022/May/33

https://support.apple.com/en-us/HT213256

https://support.apple.com/en-us/102770

https://httpd.apache.org/security/vulnerabilities_24.html

Details

Source: Mitre, NVD

Published: 2022-03-14

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.24825

Detections

Analytics