
List:       oss-security
Subject:    [oss-security] CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp Possible request smuggling
From:       Eric Covener <covener () apache ! org>
Date:       2023-01-17 19:09:18
Message-ID: eff1e2ba-5f3c-beb7-9fb3-a94eb11309a6 () apache ! org

Severity: moderate

Description:

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in
mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it
forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.54 and prior
versions.

Credit:

ZeddYu_Lu from Qi'anxin Research Institute of Legendsec at Qi'anxin Group (finder)

References:

https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-36760

Timeline:

2022-07-12: Reported to security team
