cvelist/2022/22xxx/CVE-2022-22720.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2022-22720",
        "STATE": "PUBLIC",
        "TITLE": "HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Apache HTTP Server",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_name": "Apache HTTP Server 2.4",
                                            "version_value": "2.4.52"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Apache Software Foundation"
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "James Kettle <james.kettle portswigger.net>"
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": [
        {
            "other": "important"
        }
    ],
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://httpd.apache.org/security/vulnerabilities_24.html",
                "name": "https://httpd.apache.org/security/vulnerabilities_24.html"
            },
            {
                "refsource": "MLIST",
                "name": "[oss-security] 20220314 CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier",
                "url": "http://www.openwall.com/lists/oss-security/2022/03/14/3"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-b4103753e9",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
            },
            {
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update",
                "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-21264ec6db",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-78e3211c55",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
            },
            {
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://security.netapp.com/advisory/ntap-20220321-0001/",
                "url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://support.apple.com/kb/HT213257",
                "url": "https://support.apple.com/kb/HT213257"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://support.apple.com/kb/HT213256",
                "url": "https://support.apple.com/kb/HT213256"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://support.apple.com/kb/HT213255",
                "url": "https://support.apple.com/kb/HT213255"
            },
            {
                "refsource": "FULLDISC",
                "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
                "url": "http://seclists.org/fulldisclosure/2022/May/33"
            },
            {
                "refsource": "FULLDISC",
                "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                "url": "http://seclists.org/fulldisclosure/2022/May/35"
            },
            {
                "refsource": "FULLDISC",
                "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
                "url": "http://seclists.org/fulldisclosure/2022/May/38"
            }
        ]
    },
    "source": {
        "discovery": "UNKNOWN"
    }
}
"-Synchronized-Data." 2022-01-06 14:01:02 +00:00			`{`
			`"CVE_data_meta": {`
Apache HTTPD 2022-03-14 10:13:49 +00:00			`"ASSIGNER": "security@apache.org",`
"-Synchronized-Data." 2022-01-06 14:01:02 +00:00			`"ID": "CVE-2022-22720",`
Apache HTTPD 2022-03-14 10:13:49 +00:00			`"STATE": "PUBLIC",`
			`"TITLE": "HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier"`
"-Synchronized-Data." 2022-01-06 14:01:02 +00:00			`},`
Apache HTTPD 2022-03-14 10:13:49 +00:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Apache HTTP Server",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_name": "Apache HTTP Server 2.4",`
			`"version_value": "2.4.52"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Apache Software Foundation"`
			`}`
			`]`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "James Kettle <james.kettle portswigger.net>"`
			`}`
			`],`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2022-01-06 14:01:02 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
Apache HTTPD 2022-03-14 10:13:49 +00:00			`"value": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling"`
"-Synchronized-Data." 2022-01-06 14:01:02 +00:00			`}`
			`]`
Apache HTTPD 2022-03-14 10:13:49 +00:00			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": [`
			`{`
			`"other": "important"`
			`}`
			`],`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2022-03-14 11:01:23 +00:00			`"refsource": "MISC",`
			`"url": "https://httpd.apache.org/security/vulnerabilities_24.html",`
			`"name": "https://httpd.apache.org/security/vulnerabilities_24.html"`
"-Synchronized-Data." 2022-03-14 15:01:24 +00:00			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[oss-security] 20220314 CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier",`
			`"url": "http://www.openwall.com/lists/oss-security/2022/03/14/3"`
"-Synchronized-Data." 2022-03-21 15:01:20 +00:00			`},`
"-Synchronized-Data." 2022-03-22 06:01:17 +00:00			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-b4103753e9",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"`
"-Synchronized-Data." 2022-03-22 10:01:39 +00:00			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update",`
			`"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"`
"-Synchronized-Data." 2022-03-26 00:01:29 +00:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-21264ec6db",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"`
"-Synchronized-Data." 2022-03-26 19:01:18 +00:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-78e3211c55",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"`
Oracle Critical Patch Updates 2022 April 3rd party CVEs part2 Committer: BSITU <BSITU@BSITU-7320.us.oracle.com> On branch cna/Oracle/CPU2022Apr3rdPart2 Changes to be committed: modified: 2021/22xxx/CVE-2021-22897.json modified: 2021/22xxx/CVE-2021-22898.json modified: 2021/22xxx/CVE-2021-22901.json modified: 2021/22xxx/CVE-2021-22946.json modified: 2021/22xxx/CVE-2021-22947.json modified: 2021/23xxx/CVE-2021-23017.json modified: 2021/23xxx/CVE-2021-23450.json modified: 2021/23xxx/CVE-2021-23463.json modified: 2021/23xxx/CVE-2021-23839.json modified: 2021/23xxx/CVE-2021-23840.json modified: 2021/23xxx/CVE-2021-23841.json modified: 2021/25xxx/CVE-2021-25219.json modified: 2021/26xxx/CVE-2021-26291.json modified: 2021/27xxx/CVE-2021-27568.json modified: 2021/27xxx/CVE-2021-27807.json modified: 2021/27xxx/CVE-2021-27906.json modified: 2021/28xxx/CVE-2021-28163.json modified: 2021/28xxx/CVE-2021-28164.json modified: 2021/28xxx/CVE-2021-28165.json modified: 2021/28xxx/CVE-2021-28168.json modified: 2021/28xxx/CVE-2021-28169.json modified: 2021/28xxx/CVE-2021-28170.json modified: 2021/28xxx/CVE-2021-28657.json modified: 2021/29xxx/CVE-2021-29425.json modified: 2021/29xxx/CVE-2021-29505.json modified: 2021/29xxx/CVE-2021-29921.json modified: 2021/30xxx/CVE-2021-30129.json modified: 2021/30xxx/CVE-2021-30468.json modified: 2021/31xxx/CVE-2021-31799.json modified: 2021/31xxx/CVE-2021-31810.json modified: 2021/31xxx/CVE-2021-31811.json modified: 2021/31xxx/CVE-2021-31812.json modified: 2021/32xxx/CVE-2021-32066.json modified: 2021/32xxx/CVE-2021-32626.json modified: 2021/32xxx/CVE-2021-32627.json modified: 2021/32xxx/CVE-2021-32628.json modified: 2021/32xxx/CVE-2021-32672.json modified: 2021/32xxx/CVE-2021-32675.json modified: 2021/32xxx/CVE-2021-32687.json modified: 2021/32xxx/CVE-2021-32762.json modified: 2021/32xxx/CVE-2021-32785.json modified: 2021/32xxx/CVE-2021-32786.json modified: 2021/32xxx/CVE-2021-32791.json modified: 2021/32xxx/CVE-2021-32792.json modified: 2021/33xxx/CVE-2021-33037.json modified: 2021/33xxx/CVE-2021-33193.json modified: 2021/33xxx/CVE-2021-33560.json modified: 2021/33xxx/CVE-2021-33813.json modified: 2021/33xxx/CVE-2021-33880.json modified: 2021/34xxx/CVE-2021-34428.json modified: 2021/34xxx/CVE-2021-34429.json modified: 2021/34xxx/CVE-2021-34798.json modified: 2021/35xxx/CVE-2021-35043.json modified: 2021/35xxx/CVE-2021-35515.json modified: 2021/35xxx/CVE-2021-35516.json modified: 2021/35xxx/CVE-2021-35517.json modified: 2021/36xxx/CVE-2021-36090.json modified: 2021/36xxx/CVE-2021-36160.json modified: 2021/36xxx/CVE-2021-36373.json modified: 2021/36xxx/CVE-2021-36374.json modified: 2021/37xxx/CVE-2021-37136.json modified: 2021/37xxx/CVE-2021-37137.json modified: 2021/37xxx/CVE-2021-37714.json modified: 2021/38xxx/CVE-2021-38153.json modified: 2021/39xxx/CVE-2021-39139.json modified: 2021/39xxx/CVE-2021-39140.json modified: 2021/39xxx/CVE-2021-39141.json modified: 2021/39xxx/CVE-2021-39144.json modified: 2021/39xxx/CVE-2021-39145.json modified: 2021/39xxx/CVE-2021-39146.json modified: 2021/39xxx/CVE-2021-39147.json modified: 2021/39xxx/CVE-2021-39148.json modified: 2021/39xxx/CVE-2021-39149.json modified: 2021/39xxx/CVE-2021-39150.json modified: 2021/39xxx/CVE-2021-39151.json modified: 2021/39xxx/CVE-2021-39152.json modified: 2021/39xxx/CVE-2021-39153.json modified: 2021/39xxx/CVE-2021-39154.json modified: 2021/39xxx/CVE-2021-39275.json modified: 2021/3xxx/CVE-2021-3156.json modified: 2021/3xxx/CVE-2021-3200.json modified: 2021/3xxx/CVE-2021-3326.json modified: 2021/3xxx/CVE-2021-3449.json modified: 2021/3xxx/CVE-2021-3450.json modified: 2021/3xxx/CVE-2021-3517.json modified: 2021/3xxx/CVE-2021-3518.json modified: 2021/3xxx/CVE-2021-3520.json modified: 2021/3xxx/CVE-2021-3537.json modified: 2021/3xxx/CVE-2021-3572.json modified: 2021/3xxx/CVE-2021-3711.json modified: 2021/3xxx/CVE-2021-3712.json modified: 2021/3xxx/CVE-2021-3807.json modified: 2021/40xxx/CVE-2021-40438.json modified: 2021/40xxx/CVE-2021-40690.json modified: 2021/41xxx/CVE-2021-41099.json modified: 2021/41xxx/CVE-2021-41164.json modified: 2021/41xxx/CVE-2021-41165.json modified: 2021/41xxx/CVE-2021-41182.json modified: 2021/41xxx/CVE-2021-41183.json modified: 2021/41xxx/CVE-2021-41184.json modified: 2021/41xxx/CVE-2021-41617.json modified: 2021/41xxx/CVE-2021-41973.json modified: 2021/42xxx/CVE-2021-42013.json modified: 2021/42xxx/CVE-2021-42340.json modified: 2021/42xxx/CVE-2021-42392.json modified: 2021/42xxx/CVE-2021-42717.json modified: 2021/43xxx/CVE-2021-43527.json modified: 2021/43xxx/CVE-2021-43797.json modified: 2021/43xxx/CVE-2021-43818.json modified: 2021/43xxx/CVE-2021-43859.json modified: 2021/44xxx/CVE-2021-44224.json modified: 2021/44xxx/CVE-2021-44228.json modified: 2021/44xxx/CVE-2021-44531.json modified: 2021/44xxx/CVE-2021-44532.json modified: 2021/44xxx/CVE-2021-44533.json modified: 2021/44xxx/CVE-2021-44790.json modified: 2021/44xxx/CVE-2021-44832.json modified: 2021/45xxx/CVE-2021-45046.json modified: 2021/45xxx/CVE-2021-45105.json modified: 2021/4xxx/CVE-2021-4034.json modified: 2021/4xxx/CVE-2021-4104.json modified: 2021/4xxx/CVE-2021-4133.json modified: 2021/4xxx/CVE-2021-4160.json modified: 2021/4xxx/CVE-2021-4181.json modified: 2021/4xxx/CVE-2021-4182.json modified: 2021/4xxx/CVE-2021-4183.json modified: 2021/4xxx/CVE-2021-4184.json modified: 2021/4xxx/CVE-2021-4185.json modified: 2022/0xxx/CVE-2022-0391.json modified: 2022/0xxx/CVE-2022-0778.json modified: 2022/20xxx/CVE-2022-20612.json modified: 2022/20xxx/CVE-2022-20613.json modified: 2022/20xxx/CVE-2022-20614.json modified: 2022/20xxx/CVE-2022-20615.json modified: 2022/21xxx/CVE-2022-21271.json modified: 2022/21xxx/CVE-2022-21375.json modified: 2022/21xxx/CVE-2022-21446.json modified: 2022/21xxx/CVE-2022-21461.json modified: 2022/21xxx/CVE-2022-21463.json modified: 2022/21xxx/CVE-2022-21493.json modified: 2022/21xxx/CVE-2022-21494.json modified: 2022/21xxx/CVE-2022-21716.json modified: 2022/21xxx/CVE-2022-21824.json modified: 2022/22xxx/CVE-2022-22719.json modified: 2022/22xxx/CVE-2022-22720.json modified: 2022/22xxx/CVE-2022-22721.json modified: 2022/22xxx/CVE-2022-22947.json modified: 2022/22xxx/CVE-2022-22963.json modified: 2022/22xxx/CVE-2022-22965.json modified: 2022/23xxx/CVE-2022-23181.json modified: 2022/23xxx/CVE-2022-23221.json modified: 2022/23xxx/CVE-2022-23302.json modified: 2022/23xxx/CVE-2022-23305.json modified: 2022/23xxx/CVE-2022-23307.json modified: 2022/23xxx/CVE-2022-23437.json modified: 2022/23xxx/CVE-2022-23852.json modified: 2022/23xxx/CVE-2022-23943.json modified: 2022/23xxx/CVE-2022-23990.json modified: 2022/24xxx/CVE-2022-24329.json modified: 2022/25xxx/CVE-2022-25235.json modified: 2022/25xxx/CVE-2022-25236.json modified: 2022/25xxx/CVE-2022-25313.json modified: 2022/25xxx/CVE-2022-25314.json modified: 2022/25xxx/CVE-2022-25315.json 2022-04-19 16:28:20 -07:00			`},`
			`{`
"-Synchronized-Data." 2022-04-20 00:02:10 +00:00			`"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",`
			`"refsource": "MISC",`
			`"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"`
			`},`
			`{`
			`"refsource": "CONFIRM",`
			`"name": "https://security.netapp.com/advisory/ntap-20220321-0001/",`
			`"url": "https://security.netapp.com/advisory/ntap-20220321-0001/"`
"-Synchronized-Data." 2022-05-16 20:01:40 +00:00			`},`
			`{`
			`"refsource": "CONFIRM",`
			`"name": "https://support.apple.com/kb/HT213257",`
			`"url": "https://support.apple.com/kb/HT213257"`
			`},`
			`{`
			`"refsource": "CONFIRM",`
			`"name": "https://support.apple.com/kb/HT213256",`
			`"url": "https://support.apple.com/kb/HT213256"`
"-Synchronized-Data." 2022-05-16 21:02:00 +00:00			`},`
			`{`
			`"refsource": "CONFIRM",`
			`"name": "https://support.apple.com/kb/HT213255",`
			`"url": "https://support.apple.com/kb/HT213255"`
"-Synchronized-Data." 2022-05-17 07:01:27 +00:00			`},`
			`{`
			`"refsource": "FULLDISC",`
			`"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",`
			`"url": "http://seclists.org/fulldisclosure/2022/May/33"`
"-Synchronized-Data." 2022-05-17 07:01:53 +00:00			`},`
			`{`
			`"refsource": "FULLDISC",`
			`"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",`
			`"url": "http://seclists.org/fulldisclosure/2022/May/35"`
			`},`
			`{`
			`"refsource": "FULLDISC",`
			`"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",`
			`"url": "http://seclists.org/fulldisclosure/2022/May/38"`
Apache HTTPD 2022-03-14 10:13:49 +00:00			`}`
			`]`
			`},`
			`"source": {`
			`"discovery": "UNKNOWN"`
"-Synchronized-Data." 2022-01-06 14:01:02 +00:00			`}`
"-Synchronized-Data." 2022-03-14 11:01:23 +00:00			`}`