Apache – CVE-2022-26377

Description

Kayran has detected that the version of Apache HTTP Server in use is vulnerable to Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’), also known as CVE-2022-26377.

Abusing this vulnerability in mod_proxy_ajp of Apache HTTP Server allows attackers to smuggle requests to the AJP server that it forwards requests to.

There’s a chance that this vulnerability will allow attackers to modify system files and information.

Recommendation

To fix CVE-2022-26377, upgrade the version of Apache HTTP Server being used to 2.4.54 or higher.
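
To triage a host against this recommendation, the following added example (not Kayran's or the Apache project's code) classifies it from the output of `httpd -v` and `httpd -M`. The function names, status labels and sample strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added triage example: is this host below the fixed release named in the
# recommendation, and is mod_proxy_ajp (the affected module) loaded?

FIXED_VERSION="2.4.54"   # first fixed release, per the recommendation above

# Extract "X.Y.Z" from a banner such as "Server version: Apache/2.4.53 (Unix)".
apache_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' | head -n 1
}

# Return 0 when X.Y.Z version $1 is strictly lower than $2. Fields are
# compared numerically, so 2.4.9 sorts below 2.4.54 (a string compare would not).
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # six fields: a1 a2 a3 b1 b2 b3
    IFS=$old_ifs
    if [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ]; return; fi
    if [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ]; return; fi
    [ "$3" -lt "$6" ]
}

# $1 = output of `httpd -v`, $2 = output of `httpd -M` (loaded modules).
# Prints one of: unknown | patched | outdated-ajp-not-loaded | vulnerable
ajp_smuggling_exposure() {
    ver=$(apache_version "$1")
    if [ -z "$ver" ]; then echo unknown; return; fi
    if ! version_lt "$ver" "$FIXED_VERSION"; then echo patched; return; fi
    if printf '%s\n' "$2" | grep -q 'proxy_ajp_module'; then
        echo vulnerable
    else
        echo outdated-ajp-not-loaded
    fi
}

# Constructed sample input (not captured from a real host).
SAMPLE_V='Server version: Apache/2.4.53 (Unix)'
SAMPLE_M=' proxy_module (shared)
 proxy_ajp_module (shared)'
ajp_smuggling_exposure "$SAMPLE_V" "$SAMPLE_M"
```

On a real host, pass the actual output of `httpd -v` and `httpd -M` (or the `apachectl` equivalents). Distribution packages may backport the fix without changing the upstream version string, so confirm a `vulnerable` result against the package changelog.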

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377

https://cwe.mitre.org/data/definitions/444.html
