CVE-2022-22720

Опубликовано: 14 мар. 2022

Источник: debian

EPSS Средний

Описание

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
apache2	fixed	2.4.53-1		package
apache2	fixed	2.4.53-1~deb11u1	bullseye	package
apache2	fixed	2.4.38-3+deb10u8	buster	package

Примечания

https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22720
Fixed by: https://svn.apache.org/r1898692

EPSS

Процентиль: 96%

0.29926

Средний

Связанные уязвимости

CVE-2022-22720

CVSS3: 9.8

ubuntu

больше 3 лет назад

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

CVE-2022-22720

CVSS3: 8.3

redhat

больше 3 лет назад

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

CVE-2022-22720

CVSS3: 9.8

nvd

больше 3 лет назад

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

CVE-2022-22720

CVSS3: 9.8

msrc

больше 3 лет назад

Описание отсутствует

RLSA-2022:1049

rocky

больше 3 лет назад

Important: httpd:2.4 security update

EPSS

Процентиль: 96%

0.29926

Средний