CVE-2022-36760

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-36760
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-36760.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-36760
Aliases
Downstream
Related
Published
2023-01-17T19:11:55.106Z
Modified
2026-06-18T04:08:28.513635708Z
Severity
  • 9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Apache HTTP Server: mod_proxy_ajp Possible request smuggling
Details

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

Database specific 
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "2.4"
                },
                {
                    "last_affected": "2.4.54"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "apache",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/36xxx/CVE-2022-36760.json",
    "cwe_ids": [
        "CWE-444"
    ]
}
References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events
Introduced
da5873e80d6eee7a0838793bf68f1d0254745fbb
Fixed
8201e867f1d4cdf61840625c6c4be901e3f1b6ba
Database specific 
{
    "extracted_events": [
        {
            "introduced": "2.4.0"
        },
        {
            "fixed": "2.4.55"
        }
    ],
    "cpe": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-36760.json"