CVE-2022-26377

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-26377

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-26377.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-26377

Aliases

BIT-apache-2022-26377

Downstream

ALPINE-CVE-2022-26377

DEBIAN-CVE-2022-26377

OESA-2022-1718

RHSA-2022:6753

RHSA-2022:7647

RHSA-2022:8067

RHSA-2022:8840

SUSE-SU-2022:2099-1

SUSE-SU-2022:2101-1

SUSE-SU-2022:2302-1

SUSE-SU-2022:2338-1

SUSE-SU-2022:2342-1

UBUNTU-CVE-2022-26377

USN-5487-1

USN-5487-3

openSUSE-SU-2024:12142-1

Related

Published

2022-06-09T17:15:09Z

Modified

2025-10-21T02:35:10Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type: GIT
Repo: https://github.com/apache/httpd
Events: Introduced

da5873e80d6eee7a0838793bf68f1d0254745fbb

Fixed

5ed6876d88a45356ea39ece729853fc9c9f37e2d