CVE-2022-26377

CVE-2022-26377: mod_proxy_ajp: Possible request smuggling

Vendor Apache Software Foundation
Product Apache HTTP Server
Weakness CWE-444
Published June 8, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.

Key dates

02Disclosure timeline

June 8, 2022 CVE published
August 3, 2024 Record updated