CVE-2022-26377

Updated: 2023-11-07 19:27:41.053564

Description:

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions.



Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 5 |
| CVSS Version 3.x | HIGH | 7.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | httpd | 2.4.53 | 7.5 | HIGH | Already Fixed | | 2023-11-08 08:35:59 |
| CentOS 6 ELS | httpd | 2.2.15 | 7.5 | HIGH | Released | CLSA-2022:1656447241 | 2022-07-11 11:45:43 |
| CentOS 7 ELS | httpd | 2.4.6 | 7.5 | HIGH | Released | CLSA-2023:1696536930 | 2023-10-05 17:08:32 |
| CentOS 8.4 ELS | httpd | 2.4.37 | 7.5 | HIGH | Released | CLSA-2022:1656429967 | 2022-06-28 11:50:03 |
| CentOS 8.5 ELS | httpd | 2.4.37 | 7.5 | HIGH | Released | CLSA-2022:1656430448 | 2022-06-28 11:50:03 |
| CloudLinux 6 ELS | httpd | 2.2.15 | 7.5 | HIGH | Released | CLSA-2022:1657643056 | 2022-07-13 20:38:26 |
| Oracle Linux 6 ELS | httpd | 2.2.15 | 7.5 | HIGH | Released | CLSA-2022:1656430723 | 2022-06-28 11:50:01 |
| Ubuntu 16.04 ELS | apache2 | 2.4.18 | 7.5 | HIGH | Released | CLSA-2022:1656430949 | 2022-06-28 11:50:03 |
| Ubuntu 18.04 ELS | apache2 | 2.4.29 | 7.5 | HIGH | Already Fixed | | 2023-06-02 09:10:39 |