Description


Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

Related CPE's



o

fedoraproject

fedora

3



a

oracle

http_server

2


o

apple

mac_os_x

12

o

apple

macos

3

Weaknesses



CWE-444


CWE-444

CVSS impact metrics


CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-03-14T11:15:09.083

3 years ago

Last modified

2023-11-07T03:43:58.403

1 year ago