vulnerability
IBM HTTP Server: CVE-2022-26377: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent Interpretation of HTTP Requests vulnerability in mod_proxy_ajp
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jul 25, 2022 | Aug 31, 2022 | Nov 20, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jul 25, 2022
Added
Aug 31, 2022
Modified
Nov 20, 2025
Description
Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent Interpretation of HTTP Requests vulnerability in mod_proxy_ajp. An attacker could exploit this vulnerability to smuggle requests to the AJP server it forwards requests to.
Solutions
ibm-http_server-apply-interim-fix-ph46897-for-9_0ibm-http_server-apply-interim-fix-ph46897-for-8_5ibm-http_server-apply-interim-fix-ph46897-for-8_0ibm-http_server-apply-interim-fix-ph46897-for-7_0ibm-http_server-apply-fix-pack-9_0_5_13ibm-http_server-apply-fix-pack-8_5_5_23ibm-http_server-apply-fix-pack-8_0_0_16ibm-http_server-apply-fix-pack-7_0_0_46
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.