Oracle HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2022-22720)

Description

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

Remediation

References

CVE-2022-22720

Related Vulnerabilities

WordPress Plugin Breezing Forms SQL Injection (1.2.7.30)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-3394)

WordPress Plugin DX Share Selection Cross-Site Request Forgery (1.4)

WebLogic CVE-2020-14644 Vulnerability (CVE-2020-14644)

WordPress Plugin BIC Media Widget Cross-Site Scripting (1.0)

Severity

Critical

Classification

CVE-2022-22720 CWE-444 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H