CVE-2022-22720

Updated: 2025-08-20 02:03:37.237844

Description:

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x HIGH 7.5
CVSS Version 3.x CRITICAL 9.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
CentOS 6 ELS httpd 2.2.15 9.8 CRITICAL Released CLSA-2022:1648136177 2022-05-05 12:04:58
CentOS 7 ELS httpd 2.4.6 9.8 CRITICAL Already Fixed 2023-09-19 09:30:22
CentOS 8.4 ELS httpd 2.4.37 9.8 CRITICAL Released CLSA-2022:1648136371 2022-04-19 21:49:52
CentOS 8.5 ELS httpd 2.4.37 9.8 CRITICAL Released CLSA-2022:1648136411 2022-04-19 21:49:52
CloudLinux 6 ELS httpd 2.2.15 9.8 CRITICAL Released CLSA-2022:1648136246 2022-04-19 21:49:52
Oracle Linux 6 ELS httpd 2.2.15 9.8 CRITICAL Released CLSA-2022:1648136281 2022-04-19 21:49:52
Oracle Linux 7 ELS httpd 2.4.6 9.8 CRITICAL In Testing 2026-01-13 20:38:33
Ubuntu 16.04 ELS apache2 2.4.18 9.8 CRITICAL Released CLSA-2022:1648136327 2022-04-19 21:49:45
Ubuntu 18.04 ELS apache2 2.4.29 9.8 CRITICAL Already Fixed 2023-04-28 08:48:54