CVE-2022-22720

Published: 14/03/2022 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache HTTP Server 2.4.52 and previous versions fail to close the inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling.

Vulnerable Product

apache http server

fedoraproject fedora 34

fedoraproject fedora 35

fedoraproject fedora 36

debian debian linux 9.0

oracle http server 12.2.1.3.0

oracle http server 12.2.1.4.0

oracle enterprise manager ops center 12.4.0.0

oracle zfs storage appliance kit 8.8

apple macos

apple mac os x 10.15.7

Vendor Advisories

Several security issues were fixed in Apache HTTP Server ...
A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat of this vulnerability is availability (CVE-2022-22719). A flaw was found in httpd. The inbound connection is not closed when it fails to disca ...
Synopsis: Important: httpd:24 security update. Type/Severity: Security Advisory: Important. Topic: An update for the httpd:24 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this upda ...
Synopsis: Important: httpd:24 security update. Type/Severity: Security Advisory: Important. Topic: An update for the httpd:24 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat ...
Synopsis: Important: httpd security update. Type/Severity: Security Advisory: Important. Topic: An update for httpd is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated t ...
Synopsis: Important: httpd:24 security update. Type/Severity: Security Advisory: Important. Topic: An update for the httpd:24 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Se ...
Synopsis: Important: httpd security update. Type/Severity: Security Advisory: Important. Topic: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a secu ...
Synopsis: Important: httpd24-httpd security update. Type/Severity: Security Advisory: Important. Topic: An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this updat ...
Synopsis: Important: httpd:24 security update. Type/Severity: Security Advisory: Important. Topic: An update for the httpd:24 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Se ...
Synopsis: Important: httpd security update. Type/Severity: Security Advisory: Important. Topic: An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco E ...
Synopsis: Important: httpd security update. Type/Severity: Security Advisory: Important. Topic: An update for httpd is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco E ...
Synopsis: Important: httpd security update. Type/Severity: Security Advisory: Important. Topic: An update for httpd is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated th ...
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update. Type/Severity: Security Advisory: Important. Topic: Updated packages that provide Red Hat JBoss Core Services Apache HTTP Server 2 ...
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 11 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is available. Red Hat Product Securit ...
Synopsis: Important: httpd security update. Type/Severity: Security Advisory: Important. Topic: An update for httpd is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support. Red Hat Product Security has rated th ...
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling ...
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference vulnerabilities by CVE-ID ...
A vulnerability (CVE-2022-22720) exists in Cosminexus HTTP Server and Hitachi Web Server. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...
A vulnerability (CVE-2022-22720) exists in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. Affected products and versions are listed below. Please upgrade your version to the appropriate version. The product name in Hitachi Command Suite is changed ...
A vulnerability (CVE-2022-22720) exists in JP1 and Hitachi IT Operations Director. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...

ICS Advisories