F5F5:K67090077

HistoryMay 13, 2022 - 12:00 a.m.

K67090077 : Apache HTTP Server vulnerability CVE-2022-22720

2022-05-1300:00:00

my.f5.com

apache http server

vulnerability

cve-2022-22720

http request smuggling

data breach

confidentiality

integrity

availability

authenticated user

privilege level

AI Score

9.5

Confidence

High

EPSS

0.008

Percentile

81.1%

JSON

Security Advisory Description

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. (CVE-2022-22720)

Impact

Any authenticated user may exploit this vulnerability and cause a breach in data confidentiality, integrity, and availability.

Note: Only authenticated users, with any privilege level, can exploit this vulnerability.

redhatcve

CVE-2022-22720

2022-03-15 14:43:48

nessus

RHEL 8 : httpd:2.4 (RHSA-2022:1102)

2022-04-01 00:00:00

CentOS 7 : httpd (CESA-2022:1045)

2022-03-29 00:00:00

NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Vulnerability (NS-SA-2022-0076)

2022-11-14 00:00:00

prion

Design/Logic Flaw

2022-03-14 11:15:00

redhat

(RHSA-2022:1075) Important: httpd24-httpd security update

2022-03-28 09:02:53

(RHSA-2022:1072) Important: httpd:2.4 security update

2022-03-28 08:51:50

(RHSA-2022:1080) Important: httpd:2.4 security update

2022-03-28 10:33:53

oraclelinux

httpd security update

2022-03-24 00:00:00

httpd security update

2022-03-31 00:00:00

httpd:2.4 security update

2022-03-25 00:00:00

openvas

CentOS: Security Advisory for httpd (CESA-2022:1045)

2022-03-30 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:14924-1)

2022-03-22 00:00:00

Debian: Security Advisory (DLA-2960-1)

2022-03-23 00:00:00

osv

Important: httpd:2.4 security update

2022-03-24 10:44:04

CVE-2022-22720

2022-03-14 11:15:09

BIT-apache-2022-22720

2024-03-06 10:53:47

ibm

Security Bulletin: IBM Rational Build Forge is vulnerable to HTTP request smuggling due to use of Apache HTTP server CVE-2022-22720

2022-07-21 05:31:40

Security Bulletin: Vulnerability in Apache HTTP (CVE-2022-22720) affects Power HMC

2022-05-31 08:04:52

Security Bulletin: IBM Aspera Orchestrator was vulnerable to HTTP request smuggling due to an Apache HTTP Server vulnerability (CVE-2022-22720)

2023-02-02 17:45:06

nvd

CVE-2022-22720

2022-03-14 11:15:09

ubuntucve

CVE-2022-22720

2022-03-14 00:00:00

debiancve

CVE-2022-22720

2022-03-14 11:15:09

veracode

HTTP Request Smuggling

2022-03-15 10:13:11

httpd

Apache Httpd < 2.4.53 : HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier

2022-03-14 00:00:00

alpinelinux

CVE-2022-22720

2022-03-14 11:15:09

cbl_mariner

CVE-2022-22720 affecting package httpd for versions less than 2.4.53-1

2022-04-26 19:57:38

CVE-2022-22720 affecting package httpd 2.4.52-1

2022-04-07 06:04:02

cvelist

CVE-2022-22720 HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier

2022-03-14 10:15:29

almalinux

Important: httpd:2.4 security update

2022-03-24 10:44:04

centos

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

2022-03-29 13:35:36

rocky

httpd:2.4 security update

2022-03-24 10:44:04

cve

CVE-2022-22720

2022-03-14 11:15:09

cloudlinux

Fix of CVE: CVE-2022-22721, CVE-2022-22720

2022-03-24 15:36:17

amazon

Important: httpd

2022-04-25 22:57:00

Important: httpd24

2022-04-26 17:12:00

altlinux

Security fix for the ALT Linux 10 package apache2 version 1:2.4.53-alt1

2022-03-25 00:00:00

Security fix for the ALT Linux 9 package apache2 version 1:2.4.53-alt1

2022-03-29 00:00:00

redos

ROS-20220317-01

2022-03-17 00:00:00

suse

Security update for apache2 (important)

2022-03-29 00:00:00

slackware

[slackware-security] httpd

2022-03-15 01:06:06

mageia

Updated apache packages fix security vulnerability

2022-03-21 23:18:30

ubuntu

Apache HTTP Server vulnerabilities

2022-03-17 00:00:00

Apache HTTP Server vulnerabilities

2022-03-17 00:00:00

kaspersky

KLA12485 Multiple vulnerabilities in Apache HTTP Server

2022-03-14 00:00:00

debian

[SECURITY] [DLA 2960-1] apache2 security update

2022-03-22 07:32:37

freebsd

Apache httpd -- Multiple vulnerabilities

2022-03-14 00:00:00

photon

Critical Photon OS Security Update - PHSA-2022-0455

2022-03-25 00:00:00

Critical Photon OS Security Update - PHSA-2022-0166

2022-03-25 00:00:00

Critical Photon OS Security Update - PHSA-2022-4.0-0166

2022-03-25 00:00:00

fedora

[SECURITY] Fedora 35 Update: httpd-2.4.53-1.fc35

2022-03-22 03:44:42

[SECURITY] Fedora 34 Update: httpd-2.4.53-1.fc34

2022-03-25 22:06:50

[SECURITY] Fedora 36 Update: httpd-2.4.53-1.fc36

2022-03-26 15:55:33

thn

QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities

2022-04-22 08:15:00

rosalinux

Advisory ROSA-SA-2023-2158

2023-04-25 11:30:17

Advisory ROSA-SA-2023-2160

2023-04-25 12:02:31

ics

Mitsubishi Electric MELSOFT iQ AppPortal

2022-05-12 12:00:00

gentoo

Apache HTTPD: Multiple Vulnerabilities

2022-08-14 00:00:00

apple

About the security content of Security Update 2022-004 Catalina

2022-05-16 00:00:00

About the security content of macOS Big Sur 11.6.6

2022-05-16 00:00:00

About the security content of macOS Monterey 12.4

2022-05-16 00:00:00

oracle

Oracle Critical Patch Update Advisory - October 2022

2022-10-18 00:00:00

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Oracle Critical Patch Update Advisory - April 2022

2022-04-19 00:00:00

K67090077 : Apache HTTP Server vulnerability CVE-2022-22720

Security Advisory Description

Related