Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.
References
Configurations
History
07 Nov 2023, 03:44
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
24 Aug 2022, 18:25
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/ - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202208-20 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/ - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220624-0005/ - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
|
First Time |
Fedoraproject
Netapp Netapp clustered Data Ontap Fedoraproject fedora |
15 Aug 2022, 11:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Jul 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Jul 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Jun 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Jun 2022, 16:37
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://httpd.apache.org/security/vulnerabilities_24.html - Vendor Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/06/08/2 - Mailing List, Third Party Advisory | |
First Time |
Apache
Apache http Server |
|
CWE | CWE-444 | |
CPE | cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
09 Jun 2022, 17:33
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-09 17:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-26377
Mitre link : CVE-2022-26377
CVE.ORG link : CVE-2022-26377
JSON object : View
Products Affected
apache
- http_server
netapp
- clustered_data_ontap
fedoraproject
- fedora
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')