Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. (CVE-2022-22720)
Impact
Any authenticated user may exploit this vulnerability and cause a breach in data confidentiality, integrity, and availability.
Note: Only authenticated users, with any privilege level, can exploit this vulnerability.