Details of VAR-202203-0072

ID

VAR-202203-0072

CVE

CVE-2022-22720

TITLE

Apache HTTP Server In HTTP Request Smuggling Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-001479

DESCRIPTION

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. The server is fast, reliable and extensible through a simple API. No detailed vulnerability details were provided at this time. 7) - noarch, x86_64 3. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: httpd security update Advisory ID: RHSA-2022:1045-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1045 Issue date: 2022-03-24 CVE Names: CVE-2022-22720 ==================================================================== 1. Summary: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: httpd-2.4.6-97.el7_9.5.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: httpd-2.4.6-97.el7_9.5.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: httpd-2.4.6-97.el7_9.5.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm ppc64: httpd-2.4.6-97.el7_9.5.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.ppc64.rpm httpd-devel-2.4.6-97.el7_9.5.ppc64.rpm httpd-tools-2.4.6-97.el7_9.5.ppc64.rpm mod_session-2.4.6-97.el7_9.5.ppc64.rpm mod_ssl-2.4.6-97.el7_9.5.ppc64.rpm ppc64le: httpd-2.4.6-97.el7_9.5.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.5.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.5.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.5.ppc64le.rpm mod_session-2.4.6-97.el7_9.5.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.5.ppc64le.rpm s390x: httpd-2.4.6-97.el7_9.5.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.5.s390x.rpm httpd-devel-2.4.6-97.el7_9.5.s390x.rpm httpd-tools-2.4.6-97.el7_9.5.s390x.rpm mod_session-2.4.6-97.el7_9.5.s390x.rpm mod_ssl-2.4.6-97.el7_9.5.s390x.rpm x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: httpd-debuginfo-2.4.6-97.el7_9.5.ppc64.rpm mod_ldap-2.4.6-97.el7_9.5.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.5.ppc64.rpm ppc64le: httpd-debuginfo-2.4.6-97.el7_9.5.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.5.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.5.ppc64le.rpm s390x: httpd-debuginfo-2.4.6-97.el7_9.5.s390x.rpm mod_ldap-2.4.6-97.el7_9.5.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.5.s390x.rpm x86_64: httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: httpd-2.4.6-97.el7_9.5.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-22720 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYjyOdNzjgjWX9erEAQhVww/+JFTM+pih2pdBcB+UAF9/Ym/u45DXpPsM EDRpXAVYFxKcxJh/BZNbNIu7nok8Kq5i54mS/nLKFtAU4NgnyUkwKqTeQO4tYXFw MKIbHyCo5vyz341FxjhMVOt1SVV5Zqc5r6bnRZptoN5XfA7siRSUTwWL3CZs1JUn STKr7mY1eeAvJRdjUcZgvbGrQTBAGdqKHyE8i66wcjifqarx4rPWLgJV6XOb9Mod cmxoUefSpoRoneOAPWjuo/rEaOu4yYfpEyfVMiAlzGtJhrcvE4yUXR8J5MAt5y20 fT82SoGYSmdao3RL7WClpndtnpLG7Jd2IuVC8MVZNyUhuSDAsnkk//RUcbHay4Ei bMoVGDkOTBGEAFQkygZ9dGqLHkc2sp8uYzIfZabhjui8BDcVrzJ0spI2lB0bYhP6 EO0/mhd6m/rRuKnlPtM8E0CSdzB06z5vLELxrA++xaOhzEESsc7yl/JS8Ob+KOPQ GL2OjkUqh2PXokwhsIIK2IbWV3ZDXqrWhzViW1+a1Hi0BL01IdfRN1lfbZeoafu8 ajIttYbI0/7IJsjYg6aPZtRiMtsFZhH4ry4AjKt75jKZcjKF7FsYuMeOZTdOOC11 JeBoN5wLQonOoMscCbIjka/bbn0m4m1eNl61UM26sCw4CzzTEQx2b9AL6kfGPUwj 3zFDnOe0dNg=gNTS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. 6 ELS) - i386, noarch, s390x, x86_64 3. ========================================================================== Ubuntu Security Notice USN-5333-1 March 17, 2022 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Apache HTTP Server. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. In certain configurations, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22721) Ronald Crane discovered that the Apache HTTP Server mod_sed module incorrectly handled memory. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-23943) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: apache2 2.4.48-3.1ubuntu3.3 apache2-bin 2.4.48-3.1ubuntu3.3 Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.10 apache2-bin 2.4.41-4ubuntu3.10 Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.22 apache2-bin 2.4.29-1ubuntu4.22 In general, a standard system update will make all the necessary changes

Trust: 2.43

sources: NVD: CVE-2022-22720 // JVNDB: JVNDB-2022-001479 // VULHUB: VHN-411396 // PACKETSTORM: 166488 // PACKETSTORM: 166501 // PACKETSTORM: 166450 // PACKETSTORM: 166457 // PACKETSTORM: 166805 // PACKETSTORM: 166584 // PACKETSTORM: 166581 // PACKETSTORM: 166355

AFFECTED PRODUCTS

vendor:	日立	model:	ucosminexus primary server base	scope:	-	version:	-	Trust: 1.6
vendor:	日立	model:	ucosminexus service platform	scope:	-	version:	-	Trust: 1.6
vendor:	日立	model:	ucosminexus application server	scope:	-	version:	-	Trust: 1.6
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.4.0.0	Trust: 1.0
vendor:	oracle	model:	http server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	zfs storage appliance kit	scope:	eq	version:	8.8	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	apache	model:	http server	scope:	lte	version:	2.4.52	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	36	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.6.6	Trust: 1.0
vendor:	oracle	model:	http server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lte	version:	12.4	Trust: 1.0
vendor:	日立	model:	hitachi navigation platform	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus developer professional	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	actsecure ポータル	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi it operations director	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi infrastructure analytics advisor	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi tiered storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi ops center api configuration manager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus developer 01	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus developer standard	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	jp1/navigation platform	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus application server standard-r	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus developer	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus developer professional for plug-in	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus application server express	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi ops center analyzer	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi replication manager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi application server for developers	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi application server	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi configuration manager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi ops center automator	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi tuning manager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus application server-r	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus service architect	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus service platform - messaging	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	webotx application server	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus application server smart edition	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	connexive application platform	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi web server - custom edition	scope:	-	version:	-	Trust: 0.8
vendor:	apache	model:	http server	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi navigation platform for developers	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	spoolserver/reportfiling	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	iot 共通基盤	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	jp1/service level management	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi device manager	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	witchymail	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	connexive pf	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus application server enterprise	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi compute systems manager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi web server	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	日立高信頼サーバ rv3000	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus application server standard	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	cosminexus http server	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi global link manager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi ops center viewpoint	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi automation director	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-001479 // NVD: CVE-2022-22720

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22720
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-22720
value:	CRITICAL
Trust: 0.8
VULHUB:	VHN-411396
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-22720
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-411396
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22720
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-22720
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-411396 // JVNDB: JVNDB-2022-001479 // NVD: CVE-2022-22720

PROBLEMTYPE DATA

problemtype:	CWE-444	Trust: 1.1
problemtype:	HTTP Request Smuggling (CWE-444) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-411396 // JVNDB: JVNDB-2022-001479 // NVD: CVE-2022-22720

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 166355

TYPE

overflow

Trust: 0.2

sources: PACKETSTORM: 166805 // PACKETSTORM: 166581

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-411396

PATCH

title:

hitachi-sec-2022-142

url:

https://httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.8

sources: JVNDB: JVNDB-2022-001479

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22720	Trust: 3.5
db:	OPENWALL	id:	OSS-SECURITY/2022/03/14/3	Trust: 1.9
db:	JVN	id:	JVNVU99602154	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-001479	Trust: 0.8
db:	PACKETSTORM	id:	166501	Trust: 0.2
db:	PACKETSTORM	id:	166355	Trust: 0.2
db:	PACKETSTORM	id:	166450	Trust: 0.2
db:	PACKETSTORM	id:	166457	Trust: 0.2
db:	PACKETSTORM	id:	166488	Trust: 0.2
db:	PACKETSTORM	id:	166492	Trust: 0.1
db:	PACKETSTORM	id:	166365	Trust: 0.1
db:	PACKETSTORM	id:	167188	Trust: 0.1
db:	PACKETSTORM	id:	167189	Trust: 0.1
db:	PACKETSTORM	id:	167186	Trust: 0.1
db:	PACKETSTORM	id:	168072	Trust: 0.1
db:	PACKETSTORM	id:	166528	Trust: 0.1
db:	CNVD	id:	CNVD-2022-51061	Trust: 0.1
db:	VULHUB	id:	VHN-411396	Trust: 0.1
db:	PACKETSTORM	id:	166805	Trust: 0.1
db:	PACKETSTORM	id:	166584	Trust: 0.1
db:	PACKETSTORM	id:	166581	Trust: 0.1

sources: VULHUB: VHN-411396 // JVNDB: JVNDB-2022-001479 // PACKETSTORM: 166488 // PACKETSTORM: 166501 // PACKETSTORM: 166450 // PACKETSTORM: 166457 // PACKETSTORM: 166805 // PACKETSTORM: 166584 // PACKETSTORM: 166581 // PACKETSTORM: 166355 // NVD: CVE-2022-22720

REFERENCES

url:	http://www.openwall.com/lists/oss-security/2022/03/14/3	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22720	Trust: 1.6
url:	https://security.netapp.com/advisory/ntap-20220321-0001/	Trust: 1.1
url:	https://support.apple.com/kb/ht213255	Trust: 1.1
url:	https://support.apple.com/kb/ht213256	Trust: 1.1
url:	https://support.apple.com/kb/ht213257	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2022/may/38	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2022/may/35	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2022/may/33	Trust: 1.1
url:	https://security.gentoo.org/glsa/202208-20	Trust: 1.1
url:	https://httpd.apache.org/security/vulnerabilities_24.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 1.1
url:	https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/	Trust: 1.0
url:	https://jvn.jp/vu/jvnvu99602154/	Trust: 0.8
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2022-22720	Trust: 0.7
url:	https://access.redhat.com/security/team/key/	Trust: 0.7
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.7
url:	https://access.redhat.com/articles/11258	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1072	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1075	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1049	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1045	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1389	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3537	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0778	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3541	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3516	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3517	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0778	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3518	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3537	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3541	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-23308	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23308	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3517	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3518	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3516	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1173	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-44790	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44790	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1139	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5333-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.48-3.1ubuntu3.3	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23943	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.10	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22721	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.22	Trust: 0.1

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 166488 // PACKETSTORM: 166501 // PACKETSTORM: 166450 // PACKETSTORM: 166457 // PACKETSTORM: 166805 // PACKETSTORM: 166584 // PACKETSTORM: 166581

SOURCES

db:	VULHUB	id:	VHN-411396
db:	JVNDB	id:	JVNDB-2022-001479
db:	PACKETSTORM	id:	166488
db:	PACKETSTORM	id:	166501
db:	PACKETSTORM	id:	166450
db:	PACKETSTORM	id:	166457
db:	PACKETSTORM	id:	166805
db:	PACKETSTORM	id:	166584
db:	PACKETSTORM	id:	166581
db:	PACKETSTORM	id:	166355
db:	NVD	id:	CVE-2022-22720

LAST UPDATE DATE

2024-11-20T21:56:25.417000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-411396	date:	2022-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2022-001479	date:	2023-12-12T07:47:00
db:	NVD	id:	CVE-2022-22720	date:	2023-11-07T03:43:58.403

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-411396	date:	2022-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2022-001479	date:	2022-03-23T00:00:00
db:	PACKETSTORM	id:	166488	date:	2022-03-28T15:52:08
db:	PACKETSTORM	id:	166501	date:	2022-03-28T15:55:12
db:	PACKETSTORM	id:	166450	date:	2022-03-25T15:18:59
db:	PACKETSTORM	id:	166457	date:	2022-03-25T15:21:09
db:	PACKETSTORM	id:	166805	date:	2022-04-21T15:10:14
db:	PACKETSTORM	id:	166584	date:	2022-04-04T14:38:55
db:	PACKETSTORM	id:	166581	date:	2022-04-04T14:36:10
db:	PACKETSTORM	id:	166355	date:	2022-03-17T15:54:28
db:	NVD	id:	CVE-2022-22720	date:	2022-03-14T11:15:09.083