CVE-2022-22720: simpler connection close logic if discarding the request body fails
CVE-2022-22721: make sure and check that LimitXMLRequestBody fits in system memory

OSVersionArchitecturePackageVersionFilename
Centos6i686httpd-devel< 2.2.15httpd-2.2.15-72.el6.tuxcare.els4.src.rpm
Centos6x86_64mod_ssl< 2.2.15httpd-2.2.15-72.el6.tuxcare.els4.src.rpm
Centos6x86_64httpd-devel< 2.2.15httpd-2.2.15-72.el6.tuxcare.els4.src.rpm
Centos6x86_64httpd-tools< 2.2.15httpd-2.2.15-72.el6.tuxcare.els4.src.rpm
Centos6noarchhttpd-manual< 2.2.15httpd-2.2.15-72.el6.tuxcare.els4.src.rpm
Centos6x86_64httpd< 2.2.15httpd-2.2.15-72.el6.tuxcare.els4.src.rpm

OS	Version	Architecture	Package	Version	Filename
Centos	6	i686	httpd-devel	< 2.2.15	httpd-2.2.15-72.el6.tuxcare.els4.src.rpm
Centos	6	x86_64	mod_ssl	< 2.2.15	httpd-2.2.15-72.el6.tuxcare.els4.src.rpm
Centos	6	x86_64	httpd-devel	< 2.2.15	httpd-2.2.15-72.el6.tuxcare.els4.src.rpm
Centos	6	x86_64	httpd-tools	< 2.2.15	httpd-2.2.15-72.el6.tuxcare.els4.src.rpm
Centos	6	noarch	httpd-manual	< 2.2.15	httpd-2.2.15-72.el6.tuxcare.els4.src.rpm
Centos	6	x86_64	httpd	< 2.2.15	httpd-2.2.15-72.el6.tuxcare.els4.src.rpm

References

errata.cloudlinux.com/els6/CLSA-2022-1648136177.html

nessus 60

ibm 20

openvas 32

slackware 1

suse 1

mageia 1

ubuntu 2

kaspersky 1

amazon 2

altlinux 2

osv 10

redos 1

debian 1

debiancve 2

alpinelinux 2

prion 2

nvd 2

redhat 13

ubuntucve 2

photon 5

veracode 2

httpd 2

redhatcve 2

cbl_mariner 4

cve 2

freebsd 1

zdi 1

cvelist 2

f5 2

oraclelinux 5

rocky 3

almalinux 2

centos 1

fedora 3

thn 1

rosalinux 2

ics 1

gentoo 1

nessus

SUSE SLES11 Security Update : apache2 (SUSE-SU-2022:14924-1)

2022-03-22 00:00:00

Debian DLA-2960-1 : apache2 - LTS security update

2022-03-22 00:00:00

EulerOS 2.0 SP9 : httpd (EulerOS-SA-2022-1867)

2022-06-15 00:00:00

ibm

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request smuggling and a buffer overflow (CVE-2022-22720, CVE-2022-22721)

2022-06-13 22:03:51

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server shipped with IBM WebSphere Application Server Pattern (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721)

2022-05-11 22:11:24

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow and IBM Business Process Manager

2022-09-14 15:28:14

openvas

SUSE: Security Advisory (SUSE-SU-2022:14924-1)

2022-03-22 00:00:00

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1893)

2022-06-17 00:00:00

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1790)

2022-06-07 00:00:00

slackware

[slackware-security] httpd

2022-03-15 01:06:06

suse

Security update for apache2 (important)

2022-03-29 00:00:00

mageia

Updated apache packages fix security vulnerability

2022-03-21 23:18:30

ubuntu

Apache HTTP Server vulnerabilities

2022-03-17 00:00:00

Apache HTTP Server vulnerabilities

2022-03-17 00:00:00

kaspersky

KLA12485 Multiple vulnerabilities in Apache HTTP Server

2022-03-14 00:00:00

amazon

Important: httpd24

2022-04-26 17:12:00

Important: httpd

2022-04-25 22:57:00

altlinux

Security fix for the ALT Linux 9 package apache2 version 1:2.4.53-alt1

2022-03-29 00:00:00

Security fix for the ALT Linux 10 package apache2 version 1:2.4.53-alt1

2022-03-25 00:00:00

osv

apache2 vulnerabilities

2022-03-17 11:31:47

apache2 - security update

2022-03-22 00:00:00

apache2 vulnerabilities

2022-03-17 19:10:08

redos

ROS-20220317-01

2022-03-17 00:00:00

debian

[SECURITY] [DLA 2960-1] apache2 security update

2022-03-22 07:32:37

debiancve

CVE-2022-22721

2022-03-14 11:15:09

CVE-2022-22720

2022-03-14 11:15:09

alpinelinux

CVE-2022-22721

2022-03-14 11:15:09

CVE-2022-22720

2022-03-14 11:15:09

prion

Integer overflow

2022-03-14 11:15:00

Design/Logic Flaw

2022-03-14 11:15:00

nvd

CVE-2022-22721

2022-03-14 11:15:09

CVE-2022-22720

2022-03-14 11:15:09

redhat

(RHSA-2022:1072) Important: httpd:2.4 security update

2022-03-28 08:51:50

(RHSA-2022:1075) Important: httpd24-httpd security update

2022-03-28 09:02:53

(RHSA-2022:1102) Important: httpd:2.4 security update

2022-03-29 08:09:18

ubuntucve

CVE-2022-22720

2022-03-14 00:00:00

CVE-2022-22721

2022-03-14 00:00:00

photon

Critical Photon OS Security Update - PHSA-2022-0455

2022-03-25 00:00:00

Critical Photon OS Security Update - PHSA-2022-0166

2022-03-25 00:00:00

Critical Photon OS Security Update - PHSA-2022-4.0-0166

2022-03-25 00:00:00

veracode

HTTP Request Smuggling

2022-03-15 10:13:11

Integer Overflow

2022-03-15 10:12:50

httpd

Apache Httpd < 2.4.53 : core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

2022-03-14 00:00:00

Apache Httpd < 2.4.53 : HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier

2022-03-14 00:00:00

redhatcve

CVE-2022-22721

2022-03-15 14:43:53

CVE-2022-22720

2022-03-15 14:43:48

cbl_mariner

CVE-2022-22721 affecting package httpd 2.4.52-1

2022-04-07 06:04:02

CVE-2022-22721 affecting package httpd for versions less than 2.4.53-1

2022-04-26 19:57:38

CVE-2022-22720 affecting package httpd 2.4.52-1

2022-04-07 06:04:02

cve

CVE-2022-22721

2022-03-14 11:15:09

CVE-2022-22720

2022-03-14 11:15:09

freebsd

Apache httpd -- Multiple vulnerabilities

2022-03-14 00:00:00

zdi

Apache HTTPD Server ap_escape_html2 Integer Overflow Remote Code Execution Vulnerability

2022-06-29 00:00:00

cvelist

CVE-2022-22721 core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

2022-03-14 10:15:40

CVE-2022-22720 HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier

2022-03-14 10:15:29

K20451100 : Apache vulnerability CVE-2022-22721

2022-04-12 00:00:00

K67090077 : Apache HTTP Server vulnerability CVE-2022-22720

2022-05-13 00:00:00

oraclelinux

httpd security update

2022-03-24 00:00:00

httpd:2.4 security update

2022-03-25 00:00:00

httpd security update

2022-03-31 00:00:00

rocky

httpd:2.4 security update

2022-03-24 10:44:04

httpd security, bug fix, and enhancement update

2022-11-15 06:14:59

httpd:2.4 security update

2022-11-08 06:25:28

almalinux

Important: httpd:2.4 security update

2022-03-24 10:44:04

Moderate: httpd:2.4 security update

2022-11-08 00:00:00

centos

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

2022-03-29 13:35:36

fedora

[SECURITY] Fedora 34 Update: httpd-2.4.53-1.fc34

2022-03-25 22:06:50

[SECURITY] Fedora 36 Update: httpd-2.4.53-1.fc36

2022-03-26 15:55:33

[SECURITY] Fedora 35 Update: httpd-2.4.53-1.fc35

2022-03-22 03:44:42

thn

QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities

2022-04-22 08:15:00

rosalinux

Advisory ROSA-SA-2023-2160

2023-04-25 12:02:31

Advisory ROSA-SA-2023-2158

2023-04-25 11:30:17

ics

Mitsubishi Electric MELSOFT iQ AppPortal

2022-05-12 12:00:00

gentoo

Apache HTTPD: Multiple Vulnerabilities

2022-08-14 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.008 Low

EPSS

Percentile

81.1%

JSON

Related for CLSA-2022:1648136177