oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier

From: Stefan Eissing <icing () apache org>
Date: Mon, 14 Mar 2022 10:08:35 +0000
Severity: important

Description:

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the 
request body, exposing the server to HTTP Request Smuggling

Credit:

James Kettle <james.kettle portswigger.net>
Previous By Date Next
Previous By Thread Next

Current thread: