BIT-apache-2022-36760

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/apache/BIT-apache-2022-36760.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-apache-2022-36760

Aliases

CVE-2022-36760

Published

2024-03-06T10:51:40.066Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

References

https://httpd.apache.org/security/vulnerabilities_24.html
https://security.gentoo.org/glsa/202309-01

Affected packages

Bitnami / apache

Package

Name: apache
Purl: pkg:bitnami/apache

Severity

9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

2.4.0

Fixed

2.4.55