Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

Affected configurations

NVD

Node

apachehttp_serverRange2.4.0–2.4.55

References

httpd.apache.org/security/vulnerabilities_24.html

security.gentoo.org/glsa/202309-01

nessus 51

cbl_mariner 2

osv 10

redhatcve 1

cve 1

ubuntucve 1

cloudlinux 1

alpinelinux 1

prion 1

f5 1

debiancve 1

broadcom 1

cvelist 1

veracode 1

openvas 32

ibm 9

ubuntu 2

almalinux 2

oraclelinux 2

altlinux 2

amazon 2

redhat 4

redos 1

freebsd 1

kaspersky 1

fedora 2

rocky 2

mageia 1

slackware 1

debian 2

gentoo 1

photon 2

rosalinux 1

qualysblog 1

hp 1

ics 1

oracle 2

nessus

CBL Mariner 2.0 Security Update: httpd (CVE-2022-36760)

2023-03-20 00:00:00

F5 Networks BIG-IP : Apache HTTP server vulnerability (K000132643)

2023-11-02 00:00:00

Ubuntu 16.04 ESM : Apache HTTP Server vulnerabilities (USN-5834-1)

2023-01-31 00:00:00

cbl_mariner

CVE-2022-36760 affecting package httpd 2.4.54-1

2023-02-14 02:35:58

CVE-2022-36760 affecting package httpd for versions less than 2.4.55-1

2023-02-14 20:36:06

osv

BIT-apache-2022-36760

2024-03-06 10:51:40

CVE-2022-36760

2023-01-17 20:15:11

apache2 vulnerabilities

2023-01-31 13:13:51

redhatcve

CVE-2022-36760

2023-01-18 19:05:48

cve

CVE-2022-36760

2023-01-17 20:15:11

ubuntucve

CVE-2022-36760

2023-01-17 00:00:00

cloudlinux

httpd: Fix of CVE-2022-36760

2023-01-30 20:52:19

alpinelinux

CVE-2022-36760

2023-01-17 20:15:11

prion

Design/Logic Flaw

2023-01-17 20:15:00

K000132643 : Apache HTTP server vulnerability CVE-2022-36760

2023-02-22 00:00:00

debiancve

CVE-2022-36760

2023-01-17 20:15:11

broadcom

CVE-2022-36760 - HTTP Request Smuggling

2023-05-02 00:00:00

cvelist

CVE-2022-36760 Apache HTTP Server: mod_proxy_ajp Possible request smuggling

2023-01-17 19:11:55

veracode

HTTP Request Smuggling

2023-01-23 12:46:08

openvas

Ubuntu: Security Advisory (USN-5834-1)

2023-02-01 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:0321-1)

2023-02-10 00:00:00

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2240)

2023-06-12 00:00:00

ibm

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2022-36760 and CVE-2022-37436 ) affects Power HMC

2023-06-20 09:31:46

Security Bulletin: Multiple security vulnerabilities has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001]

2023-03-03 06:30:57

Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server and Apache Portable Runtime

2023-02-28 01:58:47

ubuntu

Apache HTTP Server vulnerabilities

2023-01-31 00:00:00

Apache HTTP Server vulnerabilities

2023-02-01 00:00:00

almalinux

Moderate: httpd:2.4 security and bug fix update

2023-02-21 00:00:00

Moderate: httpd security and bug fix update

2023-02-28 00:00:00

oraclelinux

httpd:2.4 security and bug fix update

2023-02-22 00:00:00

httpd security and bug fix update

2023-02-28 00:00:00

altlinux

Security fix for the ALT Linux 9 package apache2 version 1:2.4.55-alt1

2023-02-16 00:00:00

Security fix for the ALT Linux 10 package apache2 version 1:2.4.55-alt1

2023-02-07 00:00:00

amazon

Important: httpd

2023-02-17 00:10:00

Important: httpd24

2023-03-17 15:53:00

redhat

(RHSA-2023:0970) Moderate: httpd security and bug fix update

2023-02-28 07:53:34

(RHSA-2023:0852) Moderate: httpd:2.4 security and bug fix update

2023-02-21 08:48:58

(RHSA-2023:4629) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update

2023-08-15 17:35:29

redos

ROS-20240603-04

2024-06-03 00:00:00

freebsd

Apache httpd -- Multiple vulnerabilities

2023-01-17 00:00:00

kaspersky

KLA20167 Multiple vulnerabilities in Apache HTTP Server

2023-01-17 00:00:00

fedora

[SECURITY] Fedora 36 Update: httpd-2.4.55-1.fc36

2023-02-03 01:42:01

[SECURITY] Fedora 37 Update: httpd-2.4.55-1.fc37

2023-01-28 01:27:38

rocky

httpd security and bug fix update

2023-04-06 15:53:36

httpd:2.4 security and bug fix update

2023-02-22 01:08:53

mageia

Updated apache packages fix security vulnerability

2023-02-07 03:06:39

slackware

[slackware-security] httpd

2023-01-18 06:23:09

debian

[SECURITY] [DLA 3351-1] apache2 security update

2023-03-03 16:35:17

[SECURITY] [DSA 5376-1] apache2 security update

2023-03-20 18:52:17

gentoo

Apache HTTPD: Multiple Vulnerabilities

2023-09-08 00:00:00

photon

Critical Photon OS Security Update - PHSA-2023-3.0-0522

2023-01-31 00:00:00

Critical Photon OS Security Update - PHSA-2023-4.0-0325

2023-02-01 00:00:00

rosalinux

Advisory ROSA-SA-2023-2161

2023-05-03 11:17:19

qualysblog

Oracle Patch Tuesday April 2023 Security Update Review

2023-04-19 11:47:21

HP Device Manager Security Updates

2023-04-13 00:00:00

ics

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

oracle

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.6%

JSON

Related for NVD:CVE-2022-36760

nessus51 cbl_mariner2 osv10 redhatcve1 cve1 ubuntucve1 cloudlinux1 alpinelinux1 prion1 f51 debiancve1 broadcom1 cvelist1 veracode1 openvas32 ibm9 ubuntu2 almalinux2 oraclelinux2 altlinux2 amazon2 redhat4 redos1 freebsd1 kaspersky1 fedora2 rocky2 mageia1 slackware1 debian2 gentoo1 photon2 rosalinux1 qualysblog1 hp1 ics1 oracle2