CVE-2022-22720

Опубликовано: 14 мар. 2022

Источник: debian

Описание

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
apache2	fixed	2.4.53-1		package
apache2	fixed	2.4.53-1~deb11u1	bullseye	package
apache2	fixed	2.4.38-3+deb10u8	buster	package

Примечания

https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22720
Fixed by: https://svn.apache.org/r1898692

Связанные уязвимости

CVE-2022-22720

CVSS3: 9.8

ubuntu

около 4 лет назад

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

CVE-2022-22720

CVSS3: 8.3

redhat

около 4 лет назад

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

CVE-2022-22720

CVSS3: 9.8

nvd

около 4 лет назад

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

CVE-2022-22720

CVSS3: 9.8

msrc

около 4 лет назад

HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier

RLSA-2022:1049

rocky

около 4 лет назад

Important: httpd:2.4 security update