PublicDateAtUSN: 2022-03-14 11:15:00 UTC
Candidate: CVE-2022-22720
PublicDate: 2022-03-14 11:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22720
 https://httpd.apache.org/security/vulnerabilities_24.html
 https://ubuntu.com/security/notices/USN-5333-1
 https://ubuntu.com/security/notices/USN-5333-2
Description:
 Apache HTTP Server 2.4.52 and earlier fails to close inbound connection
 when errors are encountered discarding the request body, exposing the
 server to HTTP Request Smuggling
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by: James Kettle
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_apache2:
 upstream: https://svn.apache.org/viewvc?view=revision&revision=1898692 (2.4)
 upstream: https://github.com/apache/httpd/commit/19aa2d83b379719420f3a178413325156d7a62f3 (2.4)
upstream_apache2: released (2.4.53)
trusty/esm_apache2: released (2.4.7-1ubuntu4.22+esm4)
esm-infra/xenial_apache2: released (2.4.18-2ubuntu3.17+esm5)
trusty_apache2: ignored (out of standard support)
xenial_apache2: ignored (out of standard support)
bionic_apache2: released (2.4.29-1ubuntu4.22)
focal_apache2: released (2.4.41-4ubuntu3.10)
impish_apache2: released (2.4.48-3.1ubuntu3.3)
jammy_apache2: released (2.4.52-1ubuntu2)
devel_apache2: released (2.4.52-1ubuntu2)