Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

References

httpd.apache.org/security/vulnerabilities_24.html

security.gentoo.org/glsa/202309-01

nessus 53

cbl_mariner 2

redhatcve 1

nvd 1

cve 1

f5 1

prion 1

ubuntucve 1

cloudlinux 1

osv 10

alpinelinux 1

debiancve 1

cvelist 1

veracode 1

broadcom 1

ibm 10

openvas 33

ubuntu 2

altlinux 2

almalinux 2

oraclelinux 2

fedora 2

rocky 2

redos 1

amazon 2

redhat 4

freebsd 1

kaspersky 1

mageia 1

slackware 1

debian 2

gentoo 1

photon 2

rosalinux 1

qualysblog 1

hp 1

ics 1

oracle 2

nessus

CBL Mariner 2.0 Security Update: httpd (CVE-2022-36760)

2023-03-20 00:00:00

F5 Networks BIG-IP : Apache HTTP server vulnerability (K000132643)

2023-11-02 00:00:00

Ubuntu 16.04 ESM : Apache HTTP Server vulnerabilities (USN-5834-1)

2023-01-31 00:00:00

cbl_mariner

CVE-2022-36760 affecting package httpd 2.4.54-1

2023-02-14 02:35:58

CVE-2022-36760 affecting package httpd for versions less than 2.4.55-1

2023-02-14 20:36:06

redhatcve

CVE-2022-36760

2023-01-18 19:05:48

nvd

CVE-2022-36760

2023-01-17 20:15:11

cve

CVE-2022-36760

2023-01-17 20:15:11

K000132643 : Apache HTTP server vulnerability CVE-2022-36760

2023-02-22 00:00:00

prion

Design/Logic Flaw

2023-01-17 20:15:00

ubuntucve

CVE-2022-36760

2023-01-17 00:00:00

cloudlinux

httpd: Fix of CVE-2022-36760

2023-01-30 20:52:19

osv

CVE-2022-36760

2023-01-17 20:15:11

apache2 vulnerabilities

2023-01-31 13:13:51

apache2 vulnerabilities

2023-02-01 13:09:22

alpinelinux

CVE-2022-36760

2023-01-17 20:15:11

debiancve

CVE-2022-36760

2023-01-17 20:15:11

cvelist

CVE-2022-36760 Apache HTTP Server: mod_proxy_ajp Possible request smuggling

2023-01-17 19:11:55

veracode

HTTP Request Smuggling

2023-01-23 12:46:08

broadcom

CVE-2022-36760 - HTTP Request Smuggling

2023-05-02 00:00:00

ibm

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2022-36760 and CVE-2022-37436 ) affects Power HMC

2023-06-20 09:31:46

Security Bulletin: Multiple security vulnerabilities has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001]

2023-03-03 06:30:57

Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server and Apache Portable Runtime

2023-02-28 01:58:47

openvas

Ubuntu: Security Advisory (USN-5834-1)

2023-02-01 00:00:00

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2240)

2023-06-12 00:00:00

Fedora: Security Advisory for httpd (FEDORA-2023-f6ff3f85eb)

2023-01-29 00:00:00

ubuntu

Apache HTTP Server vulnerabilities

2023-01-31 00:00:00

Apache HTTP Server vulnerabilities

2023-02-01 00:00:00

altlinux

Security fix for the ALT Linux 9 package apache2 version 1:2.4.55-alt1

2023-02-16 00:00:00

Security fix for the ALT Linux 10 package apache2 version 1:2.4.55-alt1

2023-02-07 00:00:00

almalinux

Moderate: httpd:2.4 security and bug fix update

2023-02-21 00:00:00

Moderate: httpd security and bug fix update

2023-02-28 00:00:00

oraclelinux

httpd:2.4 security and bug fix update

2023-02-22 00:00:00

httpd security and bug fix update

2023-02-28 00:00:00

fedora

[SECURITY] Fedora 37 Update: httpd-2.4.55-1.fc37

2023-01-28 01:27:38

[SECURITY] Fedora 36 Update: httpd-2.4.55-1.fc36

2023-02-03 01:42:01

rocky

httpd security and bug fix update

2023-04-06 15:53:36

httpd:2.4 security and bug fix update

2023-02-22 01:08:53

redos

ROS-20240603-04

2024-06-03 00:00:00

amazon

Important: httpd

2023-02-17 00:10:00

Important: httpd24

2023-03-17 15:53:00

redhat

(RHSA-2023:0970) Moderate: httpd security and bug fix update

2023-02-28 07:53:34

(RHSA-2023:0852) Moderate: httpd:2.4 security and bug fix update

2023-02-21 08:48:58

(RHSA-2023:4629) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update

2023-08-15 17:35:29

freebsd

Apache httpd -- Multiple vulnerabilities

2023-01-17 00:00:00

kaspersky

KLA20167 Multiple vulnerabilities in Apache HTTP Server

2023-01-17 00:00:00

mageia

Updated apache packages fix security vulnerability

2023-02-07 03:06:39

slackware

[slackware-security] httpd

2023-01-18 06:23:09

debian

[SECURITY] [DLA 3351-1] apache2 security update

2023-03-03 16:35:17

[SECURITY] [DSA 5376-1] apache2 security update

2023-03-20 18:52:17

gentoo

Apache HTTPD: Multiple Vulnerabilities

2023-09-08 00:00:00

photon

Critical Photon OS Security Update - PHSA-2023-3.0-0522

2023-01-31 00:00:00

Critical Photon OS Security Update - PHSA-2023-4.0-0325

2023-02-01 00:00:00

rosalinux

Advisory ROSA-SA-2023-2161

2023-05-03 11:17:19

qualysblog

Oracle Patch Tuesday April 2023 Security Update Review

2023-04-19 11:47:21

HP Device Manager Security Updates

2023-04-13 00:00:00

ics

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

oracle

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

0.023

Percentile

90.0%

JSON

Related for OSV:BIT-APACHE-2022-36760