CVE-2022-36760

CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp Possible request smuggling

Vendor Apache Software Foundation

Product Apache HTTP Server

Weakness CWE-444

Published January 17, 2023

Last update April 4, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

Key dates

Disclosure timeline

January 17, 2023 CVE published

April 4, 2025 Record updated