How severe is CVE-2022-36760?

CVE-2022-36760 has a CVSS v3 score of 9 (CRITICAL).

CVE-2022-36760

Name: http_server
Author: apache

9.0CRITICAL

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards reques

Publicado: 1/17/2023Atualizado: 4/4/2025

Descrição

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

Análise IADesenvolvido por IA

Produtos Afetados

apachehttp_server

Referências

https://httpd.apache.org/security/vulnerabilities_24.html
Mailing ListVendor Advisory
https://security.gentoo.org/glsa/202309-01
https://httpd.apache.org/security/vulnerabilities_24.html
Mailing ListVendor Advisory
https://security.gentoo.org/glsa/202309-01