How severe is CVE-2022-36760?

CVE-2022-36760 has a CVSS v3 score of 9 (CRITICAL).

CVE-2022-36760

Name: http_server
Author: apache

9.0CRITICAL

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards reques

Publicado: 1/17/2023Actualizado: 4/4/2025

Descripción

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

Análisis IAImpulsado por IA

Productos Afectados

apachehttp_server

Referencias

https://httpd.apache.org/security/vulnerabilities_24.html
Mailing ListVendor Advisory
https://security.gentoo.org/glsa/202309-01
https://httpd.apache.org/security/vulnerabilities_24.html
Mailing ListVendor Advisory
https://security.gentoo.org/glsa/202309-01