CVE-2022-36760

CRITICAL9.0EPSS 0.31%

Apache HTTP Server: mod_proxy_ajp Possible request smuggling

發布日:2023/1/17修改日:2025/5/20

也稱為:ALPINE-CVE-2022-36760BIT-apache-2022-36760

描述

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

受影響套件(3)

Alpine/apache2from 0, < 2.4.55-r0
Bitnami/apache>= 2.4.0, < 2.4.55
Debian/apache2from 0, < 2.4.56-1~deb11u1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.0	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

參考連結(5)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2022-36760
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2022-36760
WEBhttps://httpd.apache.org/security/vulnerabilities_24.html
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2022-36760
WEBhttps://security.gentoo.org/glsa/202309-01