CVE Tools

Home/Vulnerability/CVE-2022-36760

CVE-2022-36760

Apache HTTP Server: mod_proxy_ajp Possible request smuggling

Published: Jan 17, 2023Updated: Apr 4, 2025 Sources: CVE List NVD BDU csaf

9.0CVSS

CRITICAL

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

EPSS Score

0.4%

Top 41.3%

CISA KEV

Not in KEV

Exploits

No Known Exploits

Remediation

Patch Available

CVSS Vector Breakdown

Exploitability

AV:NAttack Vector

Network

AC:HAttack Complexity

High

PR:NPrivileges Required

None

UI:NUser Interaction

None

Scope

S:CScope

Changed

Impact

C:HConfidentiality

High

I:HIntegrity

High

A:HAvailability

High

Weaknesses

CWE-444

Affected Products

Astra Linux Special Edition

ООО «РусБИТех-Астра»

SUSE Linux Enterprise Server for SAP Applications

Novell Inc.

Red Hat Enterprise Linux

Red Hat Inc.

Suse Linux Enterprise Server

Novell Inc.

SUSE Linux Enterprise Software Development Kit

Novell Inc.

and 13 more affected products View all →

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

Official Patch Available

MITRE ATT&CK

1 technique

Collection

View detailed technique mapping

References

https://nvd.nist.gov/vuln/detail/CVE-2022-36760

nvd.nist.gov

https://httpd.apache.org/security/vulnerabilities_24.html

httpd.apache.org

https://access.redhat.com/security/cve/cve-2022-36760

access.redhat.com

and 465 more references View all →

Timeline

Published

Jan 17, 2023

Last Updated

Apr 4, 2025

News mentions

Emergency Patch Release Secures Apache HTTP Server Deployments Against Remote Attacks
en-us·Daily CyberSecurity (securityonline.info)· Summary only·Jun 9, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2022-36760 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

AI-powered analysis

Plain-language impact assessment and exploitation scenario

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows