CVE-2022-22720: httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Fix Released | Medium | Joe Slater |
Bug Description
CVE-2022-22720: httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling
Score:
cve_id | status | cvss2Score | av | ac | au | ai
---|---|---|---|---|---|---
CVE-2022-22720 | fixed | 7.5 | N | L | N | P
Description:
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling.
Found during April 2022 CVE scan using vulscan
Changed in starlingx:
status: Triaged → In Progress
Screening: Marking as medium priority as this CVE meets the StarlingX fix criteria. Should be fixed in stx master and considered for cherry-pick to stx.6.0 if a maintenance release is planned.