How severe is CVE-2022-36760?

CVE-2022-36760 has a CVSS v3 score of 9 (CRITICAL).

CVE-2022-36760

Name: http_server
Author: apache

9.0CRITICAL

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards reques

Veröffentlicht: 1/17/2023Aktualisiert: 4/4/2025

Beschreibung

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

KI-AnalyseKI-gestützt

Betroffene Produkte

apachehttp_server

Referenzen

https://httpd.apache.org/security/vulnerabilities_24.html
Mailing ListVendor Advisory
https://security.gentoo.org/glsa/202309-01
https://httpd.apache.org/security/vulnerabilities_24.html
Mailing ListVendor Advisory
https://security.gentoo.org/glsa/202309-01