Unrated severityNVD Advisory· Published Jan 17, 2023· Updated Apr 4, 2025
Apache HTTP Server: mod_proxy_ajp Possible request smuggling
CVE-2022-36760
Description
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
46<=2.4.54+ 1 more
- (no CPE)range: <=2.4.54
- (no CPE)range: 2.4
- osv-coords44 versionspkg:bitnami/apachepkg:rpm/almalinux/httpdpkg:rpm/almalinux/httpd-corepkg:rpm/almalinux/httpd-develpkg:rpm/almalinux/httpd-filesystempkg:rpm/almalinux/httpd-manualpkg:rpm/almalinux/httpd-toolspkg:rpm/almalinux/mod_http2pkg:rpm/almalinux/mod_ldappkg:rpm/almalinux/mod_luapkg:rpm/almalinux/mod_mdpkg:rpm/almalinux/mod_proxy_htmlpkg:rpm/almalinux/mod_sessionpkg:rpm/almalinux/mod_sslpkg:rpm/opensuse/apache2&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/apache2&distro=openSUSE%20Tumbleweedpkg:rpm/suse/apache2&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/apache2&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/apache2&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/apache2&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/apache2&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.2pkg:rpm/suse/apache2&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/apache2&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/apache2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
>= 2.4.0, < 2.4.55+ 43 more
- (no CPE)range: >= 2.4.0, < 2.4.55
- (no CPE)range: < 2.4.37-51.module_el8.7.0+3405+9516b832.1
- (no CPE)range: < 2.4.53-7.el9_1.1
- (no CPE)range: < 2.4.37-51.module_el8.7.0+3405+9516b832.1
- (no CPE)range: < 2.4.37-51.module_el8.7.0+3405+9516b832.1
- (no CPE)range: < 2.4.37-51.module_el8.7.0+3405+9516b832.1
- (no CPE)range: < 2.4.37-51.module_el8.7.0+3405+9516b832.1
- (no CPE)range: < 1.15.7-5.module_el8.6.0+2872+fe0ff7aa
- (no CPE)range: < 2.4.37-51.module_el8.7.0+3405+9516b832.1
- (no CPE)range: < 2.4.53-7.el9_1.1
- (no CPE)range: < 1:2.0.8-8.module_el8.6.0+2872+fe0ff7aa
- (no CPE)range: < 1:2.4.37-51.module_el8.7.0+3405+9516b832.1
- (no CPE)range: < 2.4.37-51.module_el8.7.0+3405+9516b832.1
- (no CPE)range: < 1:2.4.37-51.module_el8.7.0+3405+9516b832.1
- (no CPE)range: < 2.4.51-150400.6.6.1
- (no CPE)range: < 2.4.55-1.1
- (no CPE)range: < 2.4.33-150000.3.72.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.33-150000.3.72.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.51-150400.6.6.1
- (no CPE)range: < 2.4.51-150400.6.6.1
- (no CPE)range: < 2.4.51-150400.6.6.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.23-29.94.1
- (no CPE)range: < 2.4.23-29.94.1
- (no CPE)range: < 2.4.51-35.22.1
- (no CPE)range: < 2.4.33-150000.3.72.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.23-29.94.1
- (no CPE)range: < 2.4.51-35.22.1
- (no CPE)range: < 2.4.33-150000.3.72.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.51-35.22.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.51-150200.3.51.1
- (no CPE)range: < 2.4.23-29.94.1
- (no CPE)range: < 2.4.23-29.94.1
Patches
Vulnerability mechanics
References
2- httpd.apache.org/security/vulnerabilities_24.htmlmitrevendor-advisory
- security.gentoo.org/glsa/202309-01mitre
News mentions
0No linked articles in our index yet.