CVE-2022-22720

CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier

Vendor Apache Software Foundation

Product Apache HTTP Server

Weakness CWE-444

Published March 14, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

Key dates

Disclosure timeline

March 14, 2022 CVE published

August 3, 2024 Record updated