Vulnerability-Lookup

SUSE-SU-2022:14924-1

Vulnerability from csaf_suse - Published: 2022-03-21 15:51 - Updated: 2022-03-21 15:51

Summary

Security update for apache2

Severity

Important

Notes

Title of the patch: Security update for apache2

Description of the patch: This update for apache2 fixes the following issues: - CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095). - CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096).

Patchnames: sleposp3-apache2-14924,slessp4-apache2-14924

CVE-2022-22720

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Recommended 31 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-22721

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Affected products

Recommended 31 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.x86_64	—	Vendor Fix

Threats

Impact important

References

19 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1197095	self
https://bugzilla.suse.com/1197096	self
https://www.suse.com/security/cve/CVE-2022-22720/	self
https://www.suse.com/security/cve/CVE-2022-22721/	self
https://www.suse.com/security/cve/CVE-2022-22720	external
https://bugzilla.suse.com/1197095	external
https://bugzilla.suse.com/1198430	external
https://bugzilla.suse.com/1198998	external
https://bugzilla.suse.com/1199102	external
https://bugzilla.suse.com/1199495	external
https://bugzilla.suse.com/1204730	external
https://bugzilla.suse.com/1225670	external
https://www.suse.com/security/cve/CVE-2022-22721	external
https://bugzilla.suse.com/1197096	external
https://bugzilla.suse.com/1198430	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for apache2",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for apache2 fixes the following issues:\n\n- CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095).\n- CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sleposp3-apache2-14924,slessp4-apache2-14924",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_14924-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2022:14924-1",
        "url": "https://www.suse.com/support/update/announcement/2022/suse-su-202214924-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2022:14924-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010491.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1197095",
        "url": "https://bugzilla.suse.com/1197095"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1197096",
        "url": "https://bugzilla.suse.com/1197096"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-22720 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-22720/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-22721 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-22721/"
      }
    ],
    "title": "Security update for apache2",
    "tracking": {
      "current_release_date": "2022-03-21T15:51:45Z",
      "generator": {
        "date": "2022-03-21T15:51:45Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2022:14924-1",
      "initial_release_date": "2022-03-21T15:51:45Z",
      "revision_history": [
        {
          "date": "2022-03-21T15:51:45Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache2-2.2.34-70.41.1.i586",
                "product": {
                  "name": "apache2-2.2.34-70.41.1.i586",
                  "product_id": "apache2-2.2.34-70.41.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-devel-2.2.34-70.41.1.i586",
                "product": {
                  "name": "apache2-devel-2.2.34-70.41.1.i586",
                  "product_id": "apache2-devel-2.2.34-70.41.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-doc-2.2.34-70.41.1.i586",
                "product": {
                  "name": "apache2-doc-2.2.34-70.41.1.i586",
                  "product_id": "apache2-doc-2.2.34-70.41.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-example-pages-2.2.34-70.41.1.i586",
                "product": {
                  "name": "apache2-example-pages-2.2.34-70.41.1.i586",
                  "product_id": "apache2-example-pages-2.2.34-70.41.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-prefork-2.2.34-70.41.1.i586",
                "product": {
                  "name": "apache2-prefork-2.2.34-70.41.1.i586",
                  "product_id": "apache2-prefork-2.2.34-70.41.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-utils-2.2.34-70.41.1.i586",
                "product": {
                  "name": "apache2-utils-2.2.34-70.41.1.i586",
                  "product_id": "apache2-utils-2.2.34-70.41.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-worker-2.2.34-70.41.1.i586",
                "product": {
                  "name": "apache2-worker-2.2.34-70.41.1.i586",
                  "product_id": "apache2-worker-2.2.34-70.41.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache2-2.2.34-70.41.1.ppc64",
                "product": {
                  "name": "apache2-2.2.34-70.41.1.ppc64",
                  "product_id": "apache2-2.2.34-70.41.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-doc-2.2.34-70.41.1.ppc64",
                "product": {
                  "name": "apache2-doc-2.2.34-70.41.1.ppc64",
                  "product_id": "apache2-doc-2.2.34-70.41.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-example-pages-2.2.34-70.41.1.ppc64",
                "product": {
                  "name": "apache2-example-pages-2.2.34-70.41.1.ppc64",
                  "product_id": "apache2-example-pages-2.2.34-70.41.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-prefork-2.2.34-70.41.1.ppc64",
                "product": {
                  "name": "apache2-prefork-2.2.34-70.41.1.ppc64",
                  "product_id": "apache2-prefork-2.2.34-70.41.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-utils-2.2.34-70.41.1.ppc64",
                "product": {
                  "name": "apache2-utils-2.2.34-70.41.1.ppc64",
                  "product_id": "apache2-utils-2.2.34-70.41.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-worker-2.2.34-70.41.1.ppc64",
                "product": {
                  "name": "apache2-worker-2.2.34-70.41.1.ppc64",
                  "product_id": "apache2-worker-2.2.34-70.41.1.ppc64"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache2-2.2.34-70.41.1.s390x",
                "product": {
                  "name": "apache2-2.2.34-70.41.1.s390x",
                  "product_id": "apache2-2.2.34-70.41.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-doc-2.2.34-70.41.1.s390x",
                "product": {
                  "name": "apache2-doc-2.2.34-70.41.1.s390x",
                  "product_id": "apache2-doc-2.2.34-70.41.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-example-pages-2.2.34-70.41.1.s390x",
                "product": {
                  "name": "apache2-example-pages-2.2.34-70.41.1.s390x",
                  "product_id": "apache2-example-pages-2.2.34-70.41.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-prefork-2.2.34-70.41.1.s390x",
                "product": {
                  "name": "apache2-prefork-2.2.34-70.41.1.s390x",
                  "product_id": "apache2-prefork-2.2.34-70.41.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-utils-2.2.34-70.41.1.s390x",
                "product": {
                  "name": "apache2-utils-2.2.34-70.41.1.s390x",
                  "product_id": "apache2-utils-2.2.34-70.41.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-worker-2.2.34-70.41.1.s390x",
                "product": {
                  "name": "apache2-worker-2.2.34-70.41.1.s390x",
                  "product_id": "apache2-worker-2.2.34-70.41.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache2-2.2.34-70.41.1.x86_64",
                "product": {
                  "name": "apache2-2.2.34-70.41.1.x86_64",
                  "product_id": "apache2-2.2.34-70.41.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-doc-2.2.34-70.41.1.x86_64",
                "product": {
                  "name": "apache2-doc-2.2.34-70.41.1.x86_64",
                  "product_id": "apache2-doc-2.2.34-70.41.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-example-pages-2.2.34-70.41.1.x86_64",
                "product": {
                  "name": "apache2-example-pages-2.2.34-70.41.1.x86_64",
                  "product_id": "apache2-example-pages-2.2.34-70.41.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-prefork-2.2.34-70.41.1.x86_64",
                "product": {
                  "name": "apache2-prefork-2.2.34-70.41.1.x86_64",
                  "product_id": "apache2-prefork-2.2.34-70.41.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-utils-2.2.34-70.41.1.x86_64",
                "product": {
                  "name": "apache2-utils-2.2.34-70.41.1.x86_64",
                  "product_id": "apache2-utils-2.2.34-70.41.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-worker-2.2.34-70.41.1.x86_64",
                "product": {
                  "name": "apache2-worker-2.2.34-70.41.1.x86_64",
                  "product_id": "apache2-worker-2.2.34-70.41.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Point of Sale 11 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Point of Sale 11 SP3",
                  "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-pos:11:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-2.2.34-70.41.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
          "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.41.1.i586"
        },
        "product_reference": "apache2-2.2.34-70.41.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-devel-2.2.34-70.41.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
          "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.41.1.i586"
        },
        "product_reference": "apache2-devel-2.2.34-70.41.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-doc-2.2.34-70.41.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
          "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.41.1.i586"
        },
        "product_reference": "apache2-doc-2.2.34-70.41.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-example-pages-2.2.34-70.41.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
          "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.41.1.i586"
        },
        "product_reference": "apache2-example-pages-2.2.34-70.41.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-prefork-2.2.34-70.41.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
          "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.41.1.i586"
        },
        "product_reference": "apache2-prefork-2.2.34-70.41.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-utils-2.2.34-70.41.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
          "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.41.1.i586"
        },
        "product_reference": "apache2-utils-2.2.34-70.41.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-worker-2.2.34-70.41.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
          "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.41.1.i586"
        },
        "product_reference": "apache2-worker-2.2.34-70.41.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-2.2.34-70.41.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.i586"
        },
        "product_reference": "apache2-2.2.34-70.41.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-2.2.34-70.41.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.ppc64"
        },
        "product_reference": "apache2-2.2.34-70.41.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-2.2.34-70.41.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.s390x"
        },
        "product_reference": "apache2-2.2.34-70.41.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-2.2.34-70.41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.x86_64"
        },
        "product_reference": "apache2-2.2.34-70.41.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-doc-2.2.34-70.41.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.i586"
        },
        "product_reference": "apache2-doc-2.2.34-70.41.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-doc-2.2.34-70.41.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.ppc64"
        },
        "product_reference": "apache2-doc-2.2.34-70.41.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-doc-2.2.34-70.41.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.s390x"
        },
        "product_reference": "apache2-doc-2.2.34-70.41.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-doc-2.2.34-70.41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.x86_64"
        },
        "product_reference": "apache2-doc-2.2.34-70.41.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-example-pages-2.2.34-70.41.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.i586"
        },
        "product_reference": "apache2-example-pages-2.2.34-70.41.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-example-pages-2.2.34-70.41.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.ppc64"
        },
        "product_reference": "apache2-example-pages-2.2.34-70.41.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-example-pages-2.2.34-70.41.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.s390x"
        },
        "product_reference": "apache2-example-pages-2.2.34-70.41.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-example-pages-2.2.34-70.41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.x86_64"
        },
        "product_reference": "apache2-example-pages-2.2.34-70.41.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-prefork-2.2.34-70.41.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.i586"
        },
        "product_reference": "apache2-prefork-2.2.34-70.41.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-prefork-2.2.34-70.41.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.ppc64"
        },
        "product_reference": "apache2-prefork-2.2.34-70.41.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-prefork-2.2.34-70.41.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.s390x"
        },
        "product_reference": "apache2-prefork-2.2.34-70.41.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-prefork-2.2.34-70.41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.x86_64"
        },
        "product_reference": "apache2-prefork-2.2.34-70.41.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-utils-2.2.34-70.41.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.i586"
        },
        "product_reference": "apache2-utils-2.2.34-70.41.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-utils-2.2.34-70.41.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.ppc64"
        },
        "product_reference": "apache2-utils-2.2.34-70.41.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-utils-2.2.34-70.41.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.s390x"
        },
        "product_reference": "apache2-utils-2.2.34-70.41.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-utils-2.2.34-70.41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.x86_64"
        },
        "product_reference": "apache2-utils-2.2.34-70.41.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-worker-2.2.34-70.41.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.i586"
        },
        "product_reference": "apache2-worker-2.2.34-70.41.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-worker-2.2.34-70.41.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.ppc64"
        },
        "product_reference": "apache2-worker-2.2.34-70.41.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-worker-2.2.34-70.41.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.s390x"
        },
        "product_reference": "apache2-worker-2.2.34-70.41.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-worker-2.2.34-70.41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.x86_64"
        },
        "product_reference": "apache2-worker-2.2.34-70.41.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-22720",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-22720"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-22720",
          "url": "https://www.suse.com/security/cve/CVE-2022-22720"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1197095 for CVE-2022-22720",
          "url": "https://bugzilla.suse.com/1197095"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1198430 for CVE-2022-22720",
          "url": "https://bugzilla.suse.com/1198430"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1198998 for CVE-2022-22720",
          "url": "https://bugzilla.suse.com/1198998"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199102 for CVE-2022-22720",
          "url": "https://bugzilla.suse.com/1199102"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199495 for CVE-2022-22720",
          "url": "https://bugzilla.suse.com/1199495"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204730 for CVE-2022-22720",
          "url": "https://bugzilla.suse.com/1204730"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1225670 for CVE-2022-22720",
          "url": "https://bugzilla.suse.com/1225670"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-03-21T15:51:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-22720"
    },
    {
      "cve": "CVE-2022-22721",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-22721"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-22721",
          "url": "https://www.suse.com/security/cve/CVE-2022-22721"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1197096 for CVE-2022-22721",
          "url": "https://bugzilla.suse.com/1197096"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1198430 for CVE-2022-22721",
          "url": "https://bugzilla.suse.com/1198430"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-doc-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-example-pages-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-prefork-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-utils-2.2.34-70.41.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-worker-2.2.34-70.41.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-03-21T15:51:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-22721"
    }
  ]
}

CVE-2022-22720 (GCVE-0-2022-22720)

Vulnerability from cvelistv5 – Published: 2022-03-14 10:15 – Updated: 2024-08-03 03:21

Title

HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier

Summary

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

Severity

No CVSS data available.

CWE

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Assigner

apache

References

16 references

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	x_refsource_MISC
http://www.openwall.com/lists/oss-security/2022/03/14/3	mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2022032…	x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2022/May/33	mailing-listx_refsource_FULLDISC
http://seclists.org/fulldisclosure/2022/May/35	mailing-listx_refsource_FULLDISC
http://seclists.org/fulldisclosure/2022/May/38	mailing-listx_refsource_FULLDISC
https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC
https://support.apple.com/kb/HT213257	x_refsource_CONFIRM
https://support.apple.com/kb/HT213256	x_refsource_CONFIRM
https://support.apple.com/kb/HT213255	x_refsource_CONFIRM
https://security.gentoo.org/glsa/202208-20	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: Apache HTTP Server 2.4 , ≤ 2.4.52 (custom)

Credits

James Kettle <james.kettle portswigger.net>

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:21:48.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "name": "[oss-security] 20220314 CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/03/14/3"
          },
          {
            "name": "FEDORA-2022-b4103753e9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
          },
          {
            "name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
          },
          {
            "name": "FEDORA-2022-21264ec6db",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
          },
          {
            "name": "FEDORA-2022-78e3211c55",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
          },
          {
            "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/May/33"
          },
          {
            "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/May/35"
          },
          {
            "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/May/38"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213257"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213256"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213255"
          },
          {
            "name": "GLSA-202208-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-20"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.52",
              "status": "affected",
              "version": "Apache HTTP Server 2.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "James Kettle \u003cjames.kettle portswigger.net\u003e"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "important"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-14T01:07:14.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "name": "[oss-security] 20220314 CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/03/14/3"
        },
        {
          "name": "FEDORA-2022-b4103753e9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
        },
        {
          "name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
        },
        {
          "name": "FEDORA-2022-21264ec6db",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
        },
        {
          "name": "FEDORA-2022-78e3211c55",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
        },
        {
          "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/May/33"
        },
        {
          "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/May/35"
        },
        {
          "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/May/38"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT213257"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT213256"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT213255"
        },
        {
          "name": "GLSA-202208-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-20"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2022-22720",
          "STATE": "PUBLIC",
          "TITLE": "HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache HTTP Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "Apache HTTP Server 2.4",
                            "version_value": "2.4.52"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "James Kettle \u003cjames.kettle portswigger.net\u003e"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "important"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://httpd.apache.org/security/vulnerabilities_24.html",
              "refsource": "MISC",
              "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
            },
            {
              "name": "[oss-security] 20220314 CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/03/14/3"
            },
            {
              "name": "FEDORA-2022-b4103753e9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
            },
            {
              "name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
            },
            {
              "name": "FEDORA-2022-21264ec6db",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
            },
            {
              "name": "FEDORA-2022-78e3211c55",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220321-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
            },
            {
              "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2022/May/33"
            },
            {
              "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2022/May/35"
            },
            {
              "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2022/May/38"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "https://support.apple.com/kb/HT213257",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT213257"
            },
            {
              "name": "https://support.apple.com/kb/HT213256",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT213256"
            },
            {
              "name": "https://support.apple.com/kb/HT213255",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT213255"
            },
            {
              "name": "GLSA-202208-20",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-20"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-22720",
    "datePublished": "2022-03-14T10:15:29.000Z",
    "dateReserved": "2022-01-06T00:00:00.000Z",
    "dateUpdated": "2024-08-03T03:21:48.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-22721 (GCVE-0-2022-22721)

Vulnerability from cvelistv5 – Published: 2022-03-14 10:15 – Updated: 2024-08-03 03:21

Title

core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

Summary

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

Severity

No CVSS data available.

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

apache

References

16 references

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	x_refsource_MISC
http://www.openwall.com/lists/oss-security/2022/03/14/2	mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2022032…	x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2022/May/33	mailing-listx_refsource_FULLDISC
http://seclists.org/fulldisclosure/2022/May/35	mailing-listx_refsource_FULLDISC
http://seclists.org/fulldisclosure/2022/May/38	mailing-listx_refsource_FULLDISC
https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC
https://support.apple.com/kb/HT213257	x_refsource_CONFIRM
https://support.apple.com/kb/HT213256	x_refsource_CONFIRM
https://support.apple.com/kb/HT213255	x_refsource_CONFIRM
https://security.gentoo.org/glsa/202208-20	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: Apache HTTP Server 2.4 , ≤ 2.4.52 (custom)

Credits

Anonymous working with Trend Micro Zero Day Initiative

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:21:48.950Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "name": "[oss-security] 20220314 CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/03/14/2"
          },
          {
            "name": "FEDORA-2022-b4103753e9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
          },
          {
            "name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
          },
          {
            "name": "FEDORA-2022-21264ec6db",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
          },
          {
            "name": "FEDORA-2022-78e3211c55",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
          },
          {
            "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/May/33"
          },
          {
            "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/May/35"
          },
          {
            "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/May/38"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213257"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213256"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213255"
          },
          {
            "name": "GLSA-202208-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-20"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.52",
              "status": "affected",
              "version": "Apache HTTP Server 2.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Anonymous working with Trend Micro Zero Day Initiative"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-14T01:07:45.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "name": "[oss-security] 20220314 CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/03/14/2"
        },
        {
          "name": "FEDORA-2022-b4103753e9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
        },
        {
          "name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
        },
        {
          "name": "FEDORA-2022-21264ec6db",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
        },
        {
          "name": "FEDORA-2022-78e3211c55",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
        },
        {
          "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/May/33"
        },
        {
          "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/May/35"
        },
        {
          "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/May/38"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT213257"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT213256"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT213255"
        },
        {
          "name": "GLSA-202208-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-20"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2021-12-16T00:00:00.000Z",
          "value": "Reported to security team"
        }
      ],
      "title": "core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2022-22721",
          "STATE": "PUBLIC",
          "TITLE": "core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache HTTP Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "Apache HTTP Server 2.4",
                            "version_value": "2.4.52"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Anonymous working with Trend Micro Zero Day Initiative"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "low"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-190 Integer Overflow or Wraparound"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://httpd.apache.org/security/vulnerabilities_24.html",
              "refsource": "MISC",
              "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
            },
            {
              "name": "[oss-security] 20220314 CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/03/14/2"
            },
            {
              "name": "FEDORA-2022-b4103753e9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
            },
            {
              "name": "[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
            },
            {
              "name": "FEDORA-2022-21264ec6db",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
            },
            {
              "name": "FEDORA-2022-78e3211c55",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220321-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
            },
            {
              "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2022/May/33"
            },
            {
              "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2022/May/35"
            },
            {
              "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2022/May/38"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "https://support.apple.com/kb/HT213257",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT213257"
            },
            {
              "name": "https://support.apple.com/kb/HT213256",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT213256"
            },
            {
              "name": "https://support.apple.com/kb/HT213255",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT213255"
            },
            {
              "name": "GLSA-202208-20",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-20"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2021-12-16T00:00:00.000Z",
            "value": "Reported to security team"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-22721",
    "datePublished": "2022-03-14T10:15:40.000Z",
    "dateReserved": "2022-01-06T00:00:00.000Z",
    "dateUpdated": "2024-08-03T03:21:48.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2022:14924-1

CVE-2022-22720 (GCVE-0-2022-22720)

CVE-2022-22721 (GCVE-0-2022-22721)

Tags

Sightings

Nomenclature