CVE-2022-22720
Description
Apache HTTP Server 2.4.52 and earlier fails to close the inbound connection when errors are encountered while discarding the request body, exposing the server to HTTP Request Smuggling.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
31.719
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2022-22719,CVE-2022-22720,CVE-2022-22721,CVE-2022-23943 are fixed in Apache Apache 2.4.53 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 8.5.5.2 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 9.0.5.12 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0 | Windows |
| Multiple vulnerabilities are fixed in Mac OS - Monterey 12.4 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in MacOS Big Sur 11.6.6 - Software Update | Mac |
| SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-2.4.51-35.13.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-debuginfo-2.4.51-35.13.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-debugsource-2.4.51-35.13.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-doc-2.4.51-35.13.1.noarch.rpm | Linux |
| SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-example-pages-2.4.51-35.13.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-prefork-2.4.51-35.13.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-prefork-debuginfo-2.4.51-35.13.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-utils-2.4.51-35.13.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-utils-debuginfo-2.4.51-35.13.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-worker-2.4.51-35.13.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-worker-debuginfo-2.4.51-35.13.1.x86_64.rpm | Linux |
| (RHSA-2022:1045) httpd security update httpd-2.4.6-97.el7_9.5.x86_64.rpm | Linux |
| (RHSA-2022:1045) httpd security update httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm | Linux |
| (RHSA-2022:1045) httpd security update httpd-manual-2.4.6-97.el7_9.5.noarch.rpm | Linux |
| (RHSA-2022:1045) httpd security update httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm | Linux |
| (RHSA-2022:1045) httpd security update mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm | Linux |
| (RHSA-2022:1045) httpd security update mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm | Linux |
| (RHSA-2022:1045) httpd security update mod_session-2.4.6-97.el7_9.5.x86_64.rpm | Linux |
| (RHSA-2022:1045) httpd security update mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm | Linux |
| (RHSA-2022:1049) httpd:2.4 security update httpd-2.4.37-43.module+el8.5.0+14530+6f259f31.3.x86_64.rpm | Linux |
| (RHSA-2022:1049) httpd:2.4 security update httpd-debugsource-2.4.37-43.module+el8.5.0+14530+6f259f31.3.x86_64.rpm | Linux |
| (RHSA-2022:1049) httpd:2.4 security update httpd-devel-2.4.37-43.module+el8.5.0+14530+6f259f31.3.x86_64.rpm | Linux |
| (RHSA-2022:1049) httpd:2.4 security update httpd-filesystem-2.4.37-43.module+el8.5.0+14530+6f259f31.3.noarch.rpm | Linux |
| (RHSA-2022:1049) httpd:2.4 security update httpd-manual-2.4.37-43.module+el8.5.0+14530+6f259f31.3.noarch.rpm | Linux |
| (RHSA-2022:1049) httpd:2.4 security update httpd-tools-2.4.37-43.module+el8.5.0+14530+6f259f31.3.x86_64.rpm | Linux |
| (RHSA-2022:1049) httpd:2.4 security update mod_ldap-2.4.37-43.module+el8.5.0+14530+6f259f31.3.x86_64.rpm | Linux |
| (RHSA-2022:1049) httpd:2.4 security update mod_proxy_html-2.4.37-43.module+el8.5.0+14530+6f259f31.3.x86_64.rpm | Linux |
| (RHSA-2022:1049) httpd:2.4 security update mod_session-2.4.37-43.module+el8.5.0+14530+6f259f31.3.x86_64.rpm | Linux |
| (RHSA-2022:1049) httpd:2.4 security update mod_ssl-2.4.37-43.module+el8.5.0+14530+6f259f31.3.x86_64.rpm | Linux |
| Httpd update (ELSA-2022-1045) httpd-2.4.6-97.0.5.el7_9.5.x86_64.rpm | Linux |
| Httpd-devel update (ELSA-2022-1045) httpd-devel-2.4.6-97.0.5.el7_9.5.x86_64.rpm | Linux |
| Httpd-manual update (ELSA-2022-1045) httpd-manual-2.4.6-97.0.5.el7_9.5.noarch.rpm | Linux |
| Httpd-tools update (ELSA-2022-1045) httpd-tools-2.4.6-97.0.5.el7_9.5.x86_64.rpm | Linux |
| Mod_ldap update (ELSA-2022-1045) mod_ldap-2.4.6-97.0.5.el7_9.5.x86_64.rpm | Linux |
| Mod_proxy_html update (ELSA-2022-1045) mod_proxy_html-2.4.6-97.0.5.el7_9.5.x86_64.rpm | Linux |
| Mod_session update (ELSA-2022-1045) mod_session-2.4.6-97.0.5.el7_9.5.x86_64.rpm | Linux |
| Mod_ssl update (ELSA-2022-1045) mod_ssl-2.4.6-97.0.5.el7_9.5.x86_64.rpm | Linux |
| Httpd update (ELSA-2022-1049) httpd-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3.x86_64.rpm | Linux |
| Httpd-devel update (ELSA-2022-1049) httpd-devel-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3.x86_64.rpm | Linux |
| Httpd-filesystem update (ELSA-2022-1049) httpd-filesystem-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3.noarch.rpm | Linux |
| Httpd-manual update (ELSA-2022-1049) httpd-manual-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3.noarch.rpm | Linux |
| Httpd-tools update (ELSA-2022-1049) httpd-tools-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3.x86_64.rpm | Linux |
| Mod_http2 update (ELSA-2022-1049) mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64.rpm | Linux |
| Mod_ldap update (ELSA-2022-1049) mod_ldap-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3.x86_64.rpm | Linux |
| Mod_md update (ELSA-2022-1049) mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm | Linux |
| Mod_proxy_html update (ELSA-2022-1049) mod_proxy_html-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3.x86_64.rpm | Linux |
| Mod_session update (ELSA-2022-1049) mod_session-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3.x86_64.rpm | Linux |
| Mod_ssl update (ELSA-2022-1049) mod_ssl-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3.x86_64.rpm | Linux |
| Vulnerabilities CVE-2022-22719,CVE-2022-22720,CVE-2022-22721,CVE-2022-23943 are fixed in Apache Apache 2.4.53 (For Linux) | Linux |
| Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability (CVE-2022-22720) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-608134 | Mac OS - Monterey 12.7.6 (Software Update) - AutoReboot (CVE-2024-27877) |
| PATCH-605753 | MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064) |