CVE-2022-36760

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2022-36760
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2023-01-17 20:15:00 UTC
Updated2023-09-08 22:15:00 UTC
DescriptionInconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

Risk And Classification

Problem Types: CWE-444

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Apache Http Server All All All All

References

ReferenceSourceLinkTags
Apache HTTP Server 2.4 vulnerabilities - The Apache HTTP Server Project MISC httpd.apache.org
Apache HTTPD: Multiple Vulnerabilities (GLSA 202309-01) — Gentoo security MISC security.gentoo.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 150640 Apache HTTP Server Prior to 2.4.55 Multiple Security Vulnerabilities
  • 160477 Oracle Enterprise Linux Security Update for httpd:2.4 (ELSA-2023-0852)
  • 160485 Oracle Enterprise Linux Security Update for httpd (ELSA-2023-0970)
  • 181620 Debian Security Update for apache2 (DLA 3351-1)
  • 181660 Debian Security Update for apache2 (DSA 5376-1)
  • 184479 Debian Security Update for apache2 (CVE-2022-36760)
  • 199145 Ubuntu Security Notification for Apache Hypertext Transfer Protocol (HTTP) Server Vulnerabilities (USN-5839-1)
  • 199484 Ubuntu Security Notification for Apache Hypertext Transfer Protocol (HTTP) Server Vulnerabilities (USN-5834-1)
  • 241210 Red Hat Update for httpd:2.4 (RHSA-2023:0852)
  • 241220 Red Hat Update for httpd (RHSA-2023:0970)
  • 241954 Red Hat Update for JBoss Core Services (RHSA-2023:4629)
  • 283640 Fedora Security Update for httpd (FEDORA-2023-f6ff3f85eb)
  • 283670 Fedora Security Update for httpd (FEDORA-2023-6d4055d482)
  • 354767 Amazon Linux Security Advisory for httpd : ALAS2-2023-1938
  • 354845 Amazon Linux Security Advisory for httpd24 : ALAS-2023-1711
  • 355218 Amazon Linux Security Advisory for httpd : ALAS2023-2023-115
  • 378372 IBM Hypertext Transfer Protocol (HTTP) Server Multiple Vulnerabilities (6955577)
  • 502635 Alpine Linux Security Update for apache2
  • 503097 Alpine Linux Security Update for apache2
  • 503858 Alpine Linux Security Update for apache2
  • 505846 Alpine Linux Security Update for apache2
  • 672790 EulerOS Security Update for httpd (EulerOS-SA-2023-1550)
  • 672801 EulerOS Security Update for httpd (EulerOS-SA-2023-1525)
  • 672865 EulerOS Security Update for httpd (EulerOS-SA-2023-1596)
  • 672903 EulerOS Security Update for httpd (EulerOS-SA-2023-1780)
  • 672910 EulerOS Security Update for httpd (EulerOS-SA-2023-1758)
  • 672999 EulerOS Security Update for httpd (EulerOS-SA-2023-1847)
  • 673013 EulerOS Security Update for httpd (EulerOS-SA-2023-1872)
  • 673065 EulerOS Security Update for httpd (EulerOS-SA-2023-2148)
  • 691030 Free Berkeley Software Distribution (FreeBSD) Security Update for apache httpd (00919005-96a3-11ed-86e9-d4c9ef517024)
  • 753594 SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2023:0183-1)
  • 753595 SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2023:0185-1)
  • 753638 SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2023:0294-1)
  • 753653 SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2023:0321-1)
  • 753658 SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2023:0322-1)
  • 905269 Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (13019)
  • 905277 Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (13027)
  • 905473 Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (13019-1)
  • 905524 Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (13027-1)
  • 940931 AlmaLinux Security Update for httpd:2.4 (ALSA-2023:0852)
  • 940948 AlmaLinux Security Update for httpd (ALSA-2023:0970)
  • 960655 Rocky Linux Security Update for httpd:2.4 (RLSA-2023:0852)
  • 960890 Rocky Linux Security Update for httpd (RLSA-2023:0970)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report