Apache – CVE-2022-26377

Home » Blog » Apache – CVE-2022-26377

Description

Kayran has detected that the Version of Apache HTTP Server being used is vulnerable to Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’).
Also known as CVE-2022-26377.

Abusing this vulnerability in mod_proxy_ajp of Apache HTTP Server allow attackers to smuggle requests to the AJP server it forwards requests to.

There’s a chance that this vulnerability will allow attackers to modify system files and information.

Recommendation

To fix CVE-2022-26377, upgrade the version of Apache HTTP Server being used to 2.4.54 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377

https://cwe.mitre.org/data/definitions/444.html

< Return to all Vulnerabilities

Explaining API

We’ve talked about API’s Vulnerability in here, but i feel like there’s much more to talk about and explain since this is a big and

Using your Work Against you – Reverse Engineering

There are many types of cyber attacks in our world, but what makes Reverse Engineering unique? Why is it considered to “Using your Work Against

Tracing your Requests

Like mentioned here, There are several HTTP request methods, each with its own purpose and uses, In this article we’ll talk about the TRACE Method.

Cyberbullying – We Need to Talk About it

Disclaimer: We in Kayran do not support or encourage any forms or acts of Cyber-bullying. We do not intend to hurt or make fun of

Lights, camera, where is the Script? – JavaScript in short

We know HTML is all about editing, CSS is all about designing, what’s left you ask? Well, JavaScript of course! In other words, JS is

What is a CWE ?

Similar to the article written on CVEs, in this article we will answer the questions :What is CWE ? and, what is the difference between

WEB APPLICATION VULNERABILITY SCANNER