CVE-2022-22720
CRITICAL | Platform: macOS
CVE Details
Description
Apache HTTP Server 2.4.52 and earlier fails to close the inbound connection when errors are encountered while discarding the request body, exposing the server to HTTP Request Smuggling.
CVSS 3.1 Score
| Metric | Value |
|---|---|
| Base Score | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Weakness
References
- Apple Security Advisory
- NVD Entry
- http://seclists.org/fulldisclosure/2022/May/33 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2022/May/35 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2022/May/38 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2022/03/14/3 (Mailing List, Third Party Advisory)
- https://httpd.apache.org/security/vulnerabilities_24.html (Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html (Mailing List, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/