CVE-2022-22720

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-22720
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-22720.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-22720
Aliases
Downstream
Related
Published
2022-03-14T10:15:29Z
Modified
2026-05-13T03:52:18.703625886Z
Summary
HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
Details

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

Database specific 
{
    "cna_assigner": "apache",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/22xxx/CVE-2022-22720.json",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "Apache HTTP Server 2.4"
                },
                {
                    "last_affected": "2.4.52"
                }
            ]
        }
    ],
    "cwe_ids": [
        "CWE-444"
    ]
}
References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fed3b8a079835cd63648d8903bc69243ce2c472a
Database specific 
{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.52"
        }
    ]
}

Affected versions

2.*
2.4.52
candidate-2.*
candidate-2.4.52-rc1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-22720.json"