CVE-2022-22720

Summary

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache HTTP ServerApache HTTP Server 2.4 <= 2.4.52affected

Weaknesses

  • CWE-444: CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

ADP Enrichment

CVE Program Container

Additional References

References