Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.

Impact

Information disclosure, RCE

githubexploit 1

prion 1

nessus 43

veracode 1

cve 1

httpd 1

ibm 13

osv 8

alpinelinux 1

debiancve 1

redhatcve 1

f5 1

cvelist 1

ubuntucve 1

checkpoint_advisories 1

ics 1

cloudlinux 1

thn 2

mageia 1

openvas 31

ubuntu 2

fedora 2

slackware 1

amazon 2

altlinux 2

redos 1

freebsd 1

kaspersky 1

photon 5

almalinux 2

oraclelinux 2

rocky 2

rosalinux 1

redhat 5

gentoo 1

oracle 2

githubexploit

Exploit for HTTP Request Smuggling in Apache Http Server

2024-04-12 03:59:03

prion

Design/Logic Flaw

2022-06-09 17:15:00

nessus

F5 Networks BIG-IP : Apache vulnerability (K26314875)

2023-06-23 00:00:00

Apache 2.4.x < 2.4.54 HTTP Request Smuggling Vulnerability

2024-04-17 00:00:00

Apache 2.4.x < 2.4.55 Multiple Vulnerabilities

2023-01-18 00:00:00

veracode

HTTP Request Smuggling (HRS)

2022-06-12 17:52:26

cve

CVE-2022-26377

2022-06-09 17:15:00

httpd

Apache Httpd < 2.4.54 : mod_proxy_ajp: Possible request smuggling

2022-06-08 00:00:00

ibm

Security Bulletin: IBM Aspera Orchestrator vulnerable to HTTP request smuggling due to an Apache HTTP Server vulnerability (CVE-2022-26377)

2023-02-02 17:43:12

Security Bulletin: IBM Rational Build Forge is vulnerable to HTTP request smuggling due to the use of Apache HTTP server (CVE-2022-26377).

2023-10-19 16:10:47

Security Bulletin: IBM QRadar SIEM is vulnerable to AJP Smuggling (CVE-2022-26377)

2024-04-11 13:44:07

osv

CVE-2022-26377

2022-06-09 17:15:09

BIT-apache-2022-26377

2024-03-06 10:53:16

apache2 regression

2022-06-23 20:19:44

alpinelinux

CVE-2022-26377

2022-06-09 17:15:00

debiancve

CVE-2022-26377

2022-06-09 17:15:00

redhatcve

CVE-2022-26377

2022-06-08 19:32:50

K26314875 : Apache vulnerability CVE-2022-26377

2022-06-23 00:00:00

cvelist

CVE-2022-26377 mod_proxy_ajp: Possible request smuggling

2022-06-08 10:00:20

ubuntucve

CVE-2022-26377

2022-06-09 00:00:00

checkpoint_advisories

Apache Tomcat AJP File Inclusion (CVE-2020-1938; CVE-2022-26377)

2020-02-25 00:00:00

ics

Mitsubishi Electric MELSOFT iQ AppPortal

2023-02-21 12:00:00

cloudlinux

Fixed CVEs in httpd: CVE-2022-31813, CVE-2022-28615, CVE-2022-26377

2022-06-28 20:14:01

thn

F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution

2023-10-27 04:23:00

U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog

2023-02-22 05:38:00

mageia

Updated apache packages fix security vulnerability

2022-06-13 23:44:20

openvas

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2270)

2022-08-18 00:00:00

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2614)

2022-10-28 00:00:00

Mageia: Security Advisory (MGASA-2022-0228)

2022-06-14 00:00:00

ubuntu

Apache HTTP Server regression

2022-06-23 00:00:00

Apache HTTP Server regression

2022-06-23 00:00:00

fedora

[SECURITY] Fedora 36 Update: httpd-2.4.54-3.fc36

2022-07-01 01:09:46

[SECURITY] Fedora 35 Update: httpd-2.4.54-1.fc35

2022-07-06 01:54:10

slackware

[slackware-security] httpd

2022-06-08 19:24:07

amazon

Medium: httpd

2022-07-06 03:12:00

Medium: httpd24

2022-06-30 23:38:00

altlinux

Security fix for the ALT Linux 10 package apache2 version 1:2.4.54-alt1

2022-06-21 00:00:00

Security fix for the ALT Linux 9 package apache2 version 1:2.4.54-alt1

2022-06-19 00:00:00

redos

ROS-20220628-01

2022-06-28 00:00:00

freebsd

Apache httpd -- Multiple vulnerabilities

2022-06-08 00:00:00

kaspersky

KLA12554 Multiple vulnerabilities in Apache HTTP Server

2022-06-08 00:00:00

photon

Critical Photon OS Security Update - PHSA-2022-0489

2022-06-22 00:00:00

Critical Photon OS Security Update - PHSA-2022-0202

2022-06-22 00:00:00

Critical Photon OS Security Update - PHSA-2022-0409

2022-06-23 00:00:00

almalinux

Moderate: httpd:2.4 security update

2022-11-08 00:00:00

Moderate: httpd security, bug fix, and enhancement update

2022-11-15 00:00:00

oraclelinux

httpd:2.4 security update

2022-11-15 00:00:00

httpd security, bug fix, and enhancement update

2022-11-22 00:00:00

rocky

httpd:2.4 security update

2022-11-08 06:25:28

httpd security, bug fix, and enhancement update

2022-11-15 06:14:59

rosalinux

Advisory ROSA-SA-2023-2160

2023-04-25 12:02:31

redhat

(RHSA-2022:7647) Moderate: httpd:2.4 security update

2022-11-08 06:25:28

(RHSA-2022:8067) Moderate: httpd security, bug fix, and enhancement update

2022-11-15 06:14:59

(RHSA-2022:6753) Moderate: httpd24-httpd security and bug fix update

2022-09-29 13:20:41

gentoo

Apache HTTPD: Multiple Vulnerabilities

2022-08-14 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - October 2022

2022-10-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.014 Low

EPSS

Percentile

84.6%

JSON

Related for H1:1594627