ID

VAR-202203-0072


CVE

CVE-2022-22720


TITLE

Apache HTTP Server  In  HTTP  Request Smuggling Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-001479

DESCRIPTION

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. The server is fast, reliable and extensible through a simple API. No detailed vulnerability details were provided at this time. 7) - noarch, x86_64 3. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: httpd security update Advisory ID: RHSA-2022:1045-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1045 Issue date: 2022-03-24 CVE Names: CVE-2022-22720 ==================================================================== 1. Summary: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: httpd-2.4.6-97.el7_9.5.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: httpd-2.4.6-97.el7_9.5.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: httpd-2.4.6-97.el7_9.5.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm ppc64: httpd-2.4.6-97.el7_9.5.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.ppc64.rpm httpd-devel-2.4.6-97.el7_9.5.ppc64.rpm httpd-tools-2.4.6-97.el7_9.5.ppc64.rpm mod_session-2.4.6-97.el7_9.5.ppc64.rpm mod_ssl-2.4.6-97.el7_9.5.ppc64.rpm ppc64le: httpd-2.4.6-97.el7_9.5.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.5.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.5.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.5.ppc64le.rpm mod_session-2.4.6-97.el7_9.5.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.5.ppc64le.rpm s390x: httpd-2.4.6-97.el7_9.5.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.5.s390x.rpm httpd-devel-2.4.6-97.el7_9.5.s390x.rpm httpd-tools-2.4.6-97.el7_9.5.s390x.rpm mod_session-2.4.6-97.el7_9.5.s390x.rpm mod_ssl-2.4.6-97.el7_9.5.s390x.rpm x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: httpd-debuginfo-2.4.6-97.el7_9.5.ppc64.rpm mod_ldap-2.4.6-97.el7_9.5.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.5.ppc64.rpm ppc64le: httpd-debuginfo-2.4.6-97.el7_9.5.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.5.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.5.ppc64le.rpm s390x: httpd-debuginfo-2.4.6-97.el7_9.5.s390x.rpm mod_ldap-2.4.6-97.el7_9.5.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.5.s390x.rpm x86_64: httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: httpd-2.4.6-97.el7_9.5.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-22720 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYjyOdNzjgjWX9erEAQhVww/+JFTM+pih2pdBcB+UAF9/Ym/u45DXpPsM EDRpXAVYFxKcxJh/BZNbNIu7nok8Kq5i54mS/nLKFtAU4NgnyUkwKqTeQO4tYXFw MKIbHyCo5vyz341FxjhMVOt1SVV5Zqc5r6bnRZptoN5XfA7siRSUTwWL3CZs1JUn STKr7mY1eeAvJRdjUcZgvbGrQTBAGdqKHyE8i66wcjifqarx4rPWLgJV6XOb9Mod cmxoUefSpoRoneOAPWjuo/rEaOu4yYfpEyfVMiAlzGtJhrcvE4yUXR8J5MAt5y20 fT82SoGYSmdao3RL7WClpndtnpLG7Jd2IuVC8MVZNyUhuSDAsnkk//RUcbHay4Ei bMoVGDkOTBGEAFQkygZ9dGqLHkc2sp8uYzIfZabhjui8BDcVrzJ0spI2lB0bYhP6 EO0/mhd6m/rRuKnlPtM8E0CSdzB06z5vLELxrA++xaOhzEESsc7yl/JS8Ob+KOPQ GL2OjkUqh2PXokwhsIIK2IbWV3ZDXqrWhzViW1+a1Hi0BL01IdfRN1lfbZeoafu8 ajIttYbI0/7IJsjYg6aPZtRiMtsFZhH4ry4AjKt75jKZcjKF7FsYuMeOZTdOOC11 JeBoN5wLQonOoMscCbIjka/bbn0m4m1eNl61UM26sCw4CzzTEQx2b9AL6kfGPUwj 3zFDnOe0dNg=gNTS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. 6 ELS) - i386, noarch, s390x, x86_64 3. ========================================================================== Ubuntu Security Notice USN-5333-1 March 17, 2022 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Apache HTTP Server. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. In certain configurations, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22721) Ronald Crane discovered that the Apache HTTP Server mod_sed module incorrectly handled memory. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-23943) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: apache2 2.4.48-3.1ubuntu3.3 apache2-bin 2.4.48-3.1ubuntu3.3 Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.10 apache2-bin 2.4.41-4ubuntu3.10 Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.22 apache2-bin 2.4.29-1ubuntu4.22 In general, a standard system update will make all the necessary changes

Trust: 2.43

sources: NVD: CVE-2022-22720 // JVNDB: JVNDB-2022-001479 // VULHUB: VHN-411396 // PACKETSTORM: 166488 // PACKETSTORM: 166501 // PACKETSTORM: 166450 // PACKETSTORM: 166457 // PACKETSTORM: 166805 // PACKETSTORM: 166584 // PACKETSTORM: 166581 // PACKETSTORM: 166355

AFFECTED PRODUCTS

vendor:日立model:ucosminexus primary server basescope: - version: -

Trust: 1.6

vendor:日立model:ucosminexus service platformscope: - version: -

Trust: 1.6

vendor:日立model:ucosminexus application serverscope: - version: -

Trust: 1.6

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.4.0.0

Trust: 1.0

vendor:oraclemodel:http serverscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:zfs storage appliance kitscope:eqversion:8.8

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:apachemodel:http serverscope:lteversion:2.4.52

Trust: 1.0

vendor:applemodel:macosscope:ltversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:36

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.6.6

Trust: 1.0

vendor:oraclemodel:http serverscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:applemodel:macosscope:lteversion:12.4

Trust: 1.0

vendor:日立model:hitachi navigation platformscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer professionalscope: - version: -

Trust: 0.8

vendor:日本電気model:actsecure ポータルscope: - version: -

Trust: 0.8

vendor:日立model:hitachi it operations directorscope: - version: -

Trust: 0.8

vendor:日立model:hitachi infrastructure analytics advisorscope: - version: -

Trust: 0.8

vendor:日立model:hitachi tiered storage managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center api configuration managerscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer 01scope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer standardscope: - version: -

Trust: 0.8

vendor:日立model:jp1/navigation platformscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server standard-rscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developerscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer professional for plug-inscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server expressscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center analyzerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi replication managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi application server for developersscope: - version: -

Trust: 0.8

vendor:日立model:hitachi application serverscope: - version: -

Trust: 0.8

vendor:日立model:hitachi configuration managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center automatorscope: - version: -

Trust: 0.8

vendor:日立model:hitachi tuning managerscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server-rscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus service architectscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus service platform - messagingscope: - version: -

Trust: 0.8

vendor:日本電気model:webotx application serverscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server smart editionscope: - version: -

Trust: 0.8

vendor:日本電気model:connexive application platformscope: - version: -

Trust: 0.8

vendor:日立model:hitachi web server - custom editionscope: - version: -

Trust: 0.8

vendor:apachemodel:http serverscope: - version: -

Trust: 0.8

vendor:日立model:hitachi navigation platform for developersscope: - version: -

Trust: 0.8

vendor:日本電気model:spoolserver/reportfilingscope: - version: -

Trust: 0.8

vendor:日本電気model:iot 共通基盤scope: - version: -

Trust: 0.8

vendor:日立model:jp1/service level managementscope: - version: -

Trust: 0.8

vendor:日立model:hitachi device managerscope: - version: -

Trust: 0.8

vendor:日本電気model:witchymailscope: - version: -

Trust: 0.8

vendor:日本電気model:connexive pfscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server enterprisescope: - version: -

Trust: 0.8

vendor:日立model:hitachi compute systems managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi web serverscope: - version: -

Trust: 0.8

vendor:日立model:日立高信頼サーバ rv3000scope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server standardscope: - version: -

Trust: 0.8

vendor:日立model:cosminexus http serverscope: - version: -

Trust: 0.8

vendor:日立model:hitachi global link managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center viewpointscope: - version: -

Trust: 0.8

vendor:日立model:hitachi automation directorscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-001479 // NVD: CVE-2022-22720

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22720
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-22720
value: CRITICAL

Trust: 0.8

VULHUB: VHN-411396
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-22720
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-411396
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-22720
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-22720
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-411396 // JVNDB: JVNDB-2022-001479 // NVD: CVE-2022-22720

PROBLEMTYPE DATA

problemtype:CWE-444

Trust: 1.1

problemtype:HTTP Request Smuggling (CWE-444) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-411396 // JVNDB: JVNDB-2022-001479 // NVD: CVE-2022-22720

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 166355

TYPE

overflow

Trust: 0.2

sources: PACKETSTORM: 166805 // PACKETSTORM: 166581

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-411396

PATCH

title:hitachi-sec-2022-142url:https://httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.8

sources: JVNDB: JVNDB-2022-001479

EXTERNAL IDS

db:NVDid:CVE-2022-22720

Trust: 3.5

db:OPENWALLid:OSS-SECURITY/2022/03/14/3

Trust: 1.9

db:JVNid:JVNVU99602154

Trust: 0.8

db:JVNDBid:JVNDB-2022-001479

Trust: 0.8

db:PACKETSTORMid:166501

Trust: 0.2

db:PACKETSTORMid:166355

Trust: 0.2

db:PACKETSTORMid:166450

Trust: 0.2

db:PACKETSTORMid:166457

Trust: 0.2

db:PACKETSTORMid:166488

Trust: 0.2

db:PACKETSTORMid:166492

Trust: 0.1

db:PACKETSTORMid:166365

Trust: 0.1

db:PACKETSTORMid:167188

Trust: 0.1

db:PACKETSTORMid:167189

Trust: 0.1

db:PACKETSTORMid:167186

Trust: 0.1

db:PACKETSTORMid:168072

Trust: 0.1

db:PACKETSTORMid:166528

Trust: 0.1

db:CNVDid:CNVD-2022-51061

Trust: 0.1

db:VULHUBid:VHN-411396

Trust: 0.1

db:PACKETSTORMid:166805

Trust: 0.1

db:PACKETSTORMid:166584

Trust: 0.1

db:PACKETSTORMid:166581

Trust: 0.1

sources: VULHUB: VHN-411396 // JVNDB: JVNDB-2022-001479 // PACKETSTORM: 166488 // PACKETSTORM: 166501 // PACKETSTORM: 166450 // PACKETSTORM: 166457 // PACKETSTORM: 166805 // PACKETSTORM: 166584 // PACKETSTORM: 166581 // PACKETSTORM: 166355 // NVD: CVE-2022-22720

REFERENCES

url:http://www.openwall.com/lists/oss-security/2022/03/14/3

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2022-22720

Trust: 1.6

url:https://security.netapp.com/advisory/ntap-20220321-0001/

Trust: 1.1

url:https://support.apple.com/kb/ht213255

Trust: 1.1

url:https://support.apple.com/kb/ht213256

Trust: 1.1

url:https://support.apple.com/kb/ht213257

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/may/38

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/may/35

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/may/33

Trust: 1.1

url:https://security.gentoo.org/glsa/202208-20

Trust: 1.1

url:https://httpd.apache.org/security/vulnerabilities_24.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/

Trust: 1.0

url:https://jvn.jp/vu/jvnvu99602154/

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-22720

Trust: 0.7

url:https://access.redhat.com/security/team/key/

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.7

url:https://access.redhat.com/articles/11258

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1072

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1075

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1049

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1045

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1389

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3537

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0778

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3541

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3516

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3517

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0778

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3537

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3541

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23308

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3517

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3518

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3516

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1173

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44790

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44790

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1139

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5333-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.48-3.1ubuntu3.3

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23943

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.10

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22721

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.22

Trust: 0.1

sources: VULHUB: VHN-411396 // JVNDB: JVNDB-2022-001479 // PACKETSTORM: 166488 // PACKETSTORM: 166501 // PACKETSTORM: 166450 // PACKETSTORM: 166457 // PACKETSTORM: 166805 // PACKETSTORM: 166584 // PACKETSTORM: 166581 // PACKETSTORM: 166355 // NVD: CVE-2022-22720

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 166488 // PACKETSTORM: 166501 // PACKETSTORM: 166450 // PACKETSTORM: 166457 // PACKETSTORM: 166805 // PACKETSTORM: 166584 // PACKETSTORM: 166581

SOURCES

db:VULHUBid:VHN-411396
db:JVNDBid:JVNDB-2022-001479
db:PACKETSTORMid:166488
db:PACKETSTORMid:166501
db:PACKETSTORMid:166450
db:PACKETSTORMid:166457
db:PACKETSTORMid:166805
db:PACKETSTORMid:166584
db:PACKETSTORMid:166581
db:PACKETSTORMid:166355
db:NVDid:CVE-2022-22720

LAST UPDATE DATE

2024-11-20T21:56:25.417000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-411396date:2022-11-02T00:00:00
db:JVNDBid:JVNDB-2022-001479date:2023-12-12T07:47:00
db:NVDid:CVE-2022-22720date:2023-11-07T03:43:58.403

SOURCES RELEASE DATE

db:VULHUBid:VHN-411396date:2022-03-14T00:00:00
db:JVNDBid:JVNDB-2022-001479date:2022-03-23T00:00:00
db:PACKETSTORMid:166488date:2022-03-28T15:52:08
db:PACKETSTORMid:166501date:2022-03-28T15:55:12
db:PACKETSTORMid:166450date:2022-03-25T15:18:59
db:PACKETSTORMid:166457date:2022-03-25T15:21:09
db:PACKETSTORMid:166805date:2022-04-21T15:10:14
db:PACKETSTORMid:166584date:2022-04-04T14:38:55
db:PACKETSTORMid:166581date:2022-04-04T14:36:10
db:PACKETSTORMid:166355date:2022-03-17T15:54:28
db:NVDid:CVE-2022-22720date:2022-03-14T11:15:09.083