CVE-2022-36760

CRITICAL Year: 2022
CVSS v3 Score
9.0
Critical
Weakness Type
CWE-444
View all →

Vulnerability Description

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

Related Vulnerabilities

CVE-2018-21245

CRITICAL
CVSS:9.1(Critical)

Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.

CWE-4442018

CVE-2018-3907

CRITICAL
CVSS:9.1(Critical)

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pip...

CWE-4442018

CVE-2018-3908

CRITICAL
CVSS:9.1(Critical)

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipel...

CWE-4442018

CVE-2018-3909

CRITICAL
CVSS:9.1(Critical)

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pip...

CWE-4442018

CVE-2019-20444

CRITICAL
CVSS:9.1(Critical)

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid...

CWE-4442019

CVE-2019-20445

CRITICAL
CVSS:9.1(Critical)

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

CWE-4442019