CVE-2022-36760

Published: 17/01/2023 Updated: 08/09/2023
CVSS v3 Base Score: 9 | Impact Score: 6 | Exploitability Score: 2.2
VMScore: 0

Vulnerability Summary

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows a malicious user to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.54 and prior versions.

Vulnerable Product

apache http server

Vendor Advisories

Synopsis: Moderate: httpd:24 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for the httpd:24 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated ...
Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat JBoss Core Services. Red Hat Product Security h ...
Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) bas ...
Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service. For the stable distribution (bullseye), these problems have been fixed in version 2.4.56-1~deb11u1. We recommend that you upgrade your apache2 packages. For the detailed security status of apache2 please refer t ...
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier (CVE-2006-20001). Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulne ...
Description: The MITRE CVE dictionary describes this issue as: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and pr ...
Severity: Unknown. Remote: Unknown. Type: Unknown. Description: AVG-2824 apache 2.4.54-3 2.4.55-1 Unknown Fixed ...