CVE-2022-22720
HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
9.8
CRITICAL
CVSS 3.1
EPSS 27.5%
Description
Apache HTTP Server 2.4.52 and earlier fails to close the inbound connection when errors are encountered while discarding the request body, exposing the server to HTTP request smuggling.
How to fix CVE-2022-22720
To remediate CVE-2022-22720, upgrade the affected package to one of the fixed versions listed below.
- Alpine/apache2—upgrade to 2.4.53-r0 or later
- —upgrade to 2.4.53 or later
- —upgrade to 2.4.53-1~deb11u1 or later
Is CVE-2022-22720 being exploited?
Moderate — EPSS is 27.5%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 2.4.53-r0
- from 0, < 2.4.53
- from 0, < 2.4.53-1~deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |