K26314875: Apache vulnerability CVE-2022-26377

🗓️ 21 Feb 2023 19:55:58Reported by f5Type

f5🔗 my.f5.com👁 79 Views

Apache HTTP Server vulnerability CVE-2022-26377 allows smuggling HTTP requests to AJP server, impacting versions 2.4.53 and prior

Reporter	Title	Published	Views	Family All 208
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server	25 Jul 202215:18	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager.	26 Sep 202218:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Aspera Faspex 4.4.2 PL2 has addressed multiple vulnerabilities (CVE-2022-28330, CVE-2023-22868, CVE-2022-30556, CVE-2022-31813, CVE-2022-30522, CVE-2022-47986, CVE-2022-28615, CVE-2022-26377, CVE-2018-25032, CVE-2022-2068)	12 Nov 202402:31	–	ibm
IBM Security Bulletins	WebSphere Application Server and IBM HTTP Server Security Bulletin List	13 Jul 202218:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security SiteProtector System is affected by multiple Apache HTTP Server Vulnerabilities	8 Aug 202208:16	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to HTTP request smuggling due to CVE-2022-26377	4 Nov 202217:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Aspera Orchestrator vulnerable to HTTP request smuggling due to an Apache HTTP Server vulnerability (CVE-2022-26377)	2 Feb 202317:43	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities affect IBM Cloud Pak System.	9 Oct 202417:08	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server	30 Dec 202217:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Rational Build Forge is vulnerable to HTTP request smuggling due to the use of Apache HTTP server (CVE-2022-26377).	19 Oct 202316:10	–	ibm

Vulners

Node

f5 big-ip_next_spkRange17.0.0–17.1.1

OR

f5 big-ip_aamRange17.0.0–17.1.1

OR

f5 big-ip_afmRange17.0.0–17.1.1

OR

f5 big-ip_analyticsRange17.0.0–17.1.1

OR

f5 big-ip_apmRange17.0.0–17.1.1

OR

f5 big-ip_asmRange17.0.0–17.1.1

OR

f5 big-ip_ddos_hybrid_defenderRange17.0.0–17.1.1

OR

f5 big-ip_dnsRange17.0.0–17.1.1

OR

f5 big-ip_fpsRange17.0.0–17.1.1

OR

f5 big-ip_link_controllerRange17.0.0–17.1.1

OR

f5 big-ip_ltmRange17.0.0–17.1.1

OR

f5 big-ip_pemRange17.0.0–17.1.1

OR

f5 big-ip_ssl_orchestratorRange17.0.0–17.1.1

OR

f5 big-ip_next_spkRange16.1.0–16.1.4

OR

f5 big-ip_aamRange16.1.0–16.1.4

OR

f5 big-ip_afmRange16.1.0–16.1.4

OR

f5 big-ip_analyticsRange16.1.0–16.1.4

OR

f5 big-ip_apmRange16.1.0–16.1.4

OR

f5 big-ip_asmRange16.1.0–16.1.4

OR

f5 big-ip_ddos_hybrid_defenderRange16.1.0–16.1.4

OR

f5 big-ip_dnsRange16.1.0–16.1.4

OR

f5 big-ip_fpsRange16.1.0–16.1.4

OR

f5 big-ip_link_controllerRange16.1.0–16.1.4

OR

f5 big-ip_ltmRange16.1.0–16.1.4

OR

f5 big-ip_pemRange16.1.0–16.1.4

OR

f5 big-ip_ssl_orchestratorRange16.1.0–16.1.4

OR

f5 big-ip_next_spkRange15.1.0–15.1.10

OR

f5 big-ip_aamRange15.1.0–15.1.10

OR

f5 big-ip_afmRange15.1.0–15.1.10

OR

f5 big-ip_analyticsRange15.1.0–15.1.10

OR

f5 big-ip_apmRange15.1.0–15.1.10

OR

f5 big-ip_asmRange15.1.0–15.1.10

OR

f5 big-ip_ddos_hybrid_defenderRange15.1.0–15.1.10

OR

f5 big-ip_dnsRange15.1.0–15.1.10

OR

f5 big-ip_fpsRange15.1.0–15.1.10

OR

f5 big-ip_link_controllerRange15.1.0–15.1.10

OR

f5 big-ip_ltmRange15.1.0–15.1.10

OR

f5 big-ip_pemRange15.1.0–15.1.10

OR

f5 big-ip_ssl_orchestratorRange15.1.0–15.1.10

OR

f5 big-ip_next_spkRange14.1.0–14.1.5

OR

f5 big-ip_aamRange14.1.0–14.1.5

OR

f5 big-ip_afmRange14.1.0–14.1.5

OR

f5 big-ip_analyticsRange14.1.0–14.1.5

OR

f5 big-ip_apmRange14.1.0–14.1.5

OR

f5 big-ip_asmRange14.1.0–14.1.5

OR

f5 big-ip_ddos_hybrid_defenderRange14.1.0–14.1.5

OR

f5 big-ip_dnsRange14.1.0–14.1.5

OR

f5 big-ip_fpsRange14.1.0–14.1.5

OR

f5 big-ip_link_controllerRange14.1.0–14.1.5

OR

f5 big-ip_ltmRange14.1.0–14.1.5

OR

f5 big-ip_pemRange14.1.0–14.1.5

OR

f5 big-ip_ssl_orchestratorRange14.1.0–14.1.5

OR

f5 big-ip_next_spkRange13.1.0–13.1.5

OR

f5 big-ip_aamRange13.1.0–13.1.5

OR

f5 big-ip_afmRange13.1.0–13.1.5

OR

f5 big-ip_analyticsRange13.1.0–13.1.5

OR

f5 big-ip_apmRange13.1.0–13.1.5

OR

f5 big-ip_asmRange13.1.0–13.1.5

OR

f5 big-ip_ddos_hybrid_defenderRange13.1.0–13.1.5

OR

f5 big-ip_dnsRange13.1.0–13.1.5

OR

f5 big-ip_fpsRange13.1.0–13.1.5

OR

f5 big-ip_link_controllerRange13.1.0–13.1.5

OR

f5 big-ip_ltmRange13.1.0–13.1.5

OR

f5 big-ip_pemRange13.1.0–13.1.5

OR

f5 big-ip_ssl_orchestratorRange13.1.0–13.1.5

OR

f5 f5os-aRange1.8.0–1.8.3

OR

f5 f5os-aRange1.7.0–1.8.4

OR

f5 f5os-aRange1.5.0–1.5.4

OR

f5 f5os-aRange1.4.0–1.8.4

OR

f5 f5os-aRange1.3.0–1.3.2

OR

f5 f5os-aRange1.2.0–1.8.4

OR

f5 f5os-aRange1.1.0–1.1.1

OR

f5 f5os-aRange1.0.0–1.0.1

OR

f5 f5os-cRange1.8.0–1.8.2

OR

f5 f5os-cRange1.6.0–1.6.4

OR

f5 f5os-cRange1.5.0–1.5.1

OR

f5 f5os-cRange1.3.0–1.3.2

OR

f5 f5os-cRange1.2.0–1.2.2

OR

f5 f5os-cRange1.1.0–1.1.4

OR

f5 traffix_sdcMatch5.2.0

OR

f5 traffix_sdcMatch5.1.0

28 Apr 2026 05:13Current

8.6High risk

Vulners AI Score8.6

CVSS 25

CVSS 3.17.5

EPSS0.32376

apache http server cve-2022-26377 http request smuggling ajp server security controls crafted http request