vulnerability
IBM HTTP Server: CVE-2022-22720: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by the failure to close inbound connection when errors are encountered discarding the request body
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Mar 22, 2022 | Aug 31, 2022 | Nov 20, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Mar 22, 2022
Added
Aug 31, 2022
Modified
Nov 20, 2025
Description
Apache HTTP Server is vulnerable to HTTP request smuggling, caused by the failure to close inbound connection when errors are encountered discarding the request body. By sending a specially-crafted HTTP(S) transfer-encoding request header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
Solutions
ibm-http_server-apply-interim-fix-ph44829-for-9_0ibm-http_server-apply-interim-fix-ph44829-for-8_5ibm-http_server-apply-interim-fix-ph44829-for-8_0ibm-http_server-apply-interim-fix-ph44829-for-7_0ibm-http_server-apply-fix-pack-9_0_5_12ibm-http_server-apply-fix-pack-8_5_5_22ibm-http_server-apply-fix-pack-8_0_0_16ibm-http_server-apply-fix-pack-7_0_0_46
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.