How severe is CVE-2022-36760?

CVE-2022-36760 has a CVSS v3 score of 9 (CRITICAL).

CVE-2022-36760

Name: http_server
Author: apache

9.0CRITICAL

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards reques

Published: 1/17/2023Updated: 4/4/2025

Description

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

AI AnalysisPowered by AI

Affected Products

apachehttp_server

References

https://httpd.apache.org/security/vulnerabilities_24.html
Mailing ListVendor Advisory
https://security.gentoo.org/glsa/202309-01
https://httpd.apache.org/security/vulnerabilities_24.html
Mailing ListVendor Advisory
https://security.gentoo.org/glsa/202309-01