CVE-2022-26377

high

Description

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions.

References

http://www.openwall.com/lists/oss-security/2022/06/08/2

https://httpd.apache.org/security/vulnerabilities_24.html

https://security.netapp.com/advisory/ntap-20220624-0005/

https://lists.fedoraproject.org/archives/list/[email protected]/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/

https://lists.fedoraproject.org/archives/list/[email protected]/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/

https://security.gentoo.org/glsa/202208-20

Details

Source: MITRE

Published: 2022-06-09

Updated: 2022-08-24

Type: CWE-444

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH