Back to search
CVE-2022-26377
Published: Jun 8, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache HTTP Server | affected Apache HTTP Server 2.4 - <= 2.4.53 |
Weaknesses (CWE)
References
https://httpd.apache.org/security/vulnerabilities_24.html
x_refsource_MISC
[oss-security] 20220608 CVE-2022-26377: Apache HTTP Server: mod_proxy_ajp: Possible request smuggling
mailing-list
x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20220624-0005/
x_refsource_CONFIRM
FEDORA-2022-e620fb15d5
vendor-advisory
x_refsource_FEDORA
FEDORA-2022-b54a8dee29
vendor-advisory
x_refsource_FEDORA
GLSA-202208-20
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now