How severe is CVE-2022-36760?

CVE-2022-36760 has a CVSS v3 score of 9 (CRITICAL).

CVE-2022-36760

Name: http_server
Author: apache

9.0CRITICAL

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards reques

公開日: 1/17/2023更新日: 4/4/2025

説明

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

AI分析AIによる分析

影響を受ける製品

apachehttp_server

参照

https://httpd.apache.org/security/vulnerabilities_24.html
Mailing ListVendor Advisory
https://security.gentoo.org/glsa/202309-01
https://httpd.apache.org/security/vulnerabilities_24.html
Mailing ListVendor Advisory
https://security.gentoo.org/glsa/202309-01