Details of VAR-202203-0072

ID

VAR-202203-0072

CVE

CVE-2022-22720

TITLE

Red Hat Security Advisory 2022-1045-01

Trust: 0.1

sources: PACKETSTORM: 166457

DESCRIPTION

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. The server is fast, reliable and extensible through a simple API. No detailed vulnerability details were provided at this time. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: httpd security update Advisory ID: RHSA-2022:1045-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1045 Issue date: 2022-03-24 CVE Names: CVE-2022-22720 ==================================================================== 1. Summary: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: httpd-2.4.6-97.el7_9.5.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: httpd-2.4.6-97.el7_9.5.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: httpd-2.4.6-97.el7_9.5.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm ppc64: httpd-2.4.6-97.el7_9.5.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.ppc64.rpm httpd-devel-2.4.6-97.el7_9.5.ppc64.rpm httpd-tools-2.4.6-97.el7_9.5.ppc64.rpm mod_session-2.4.6-97.el7_9.5.ppc64.rpm mod_ssl-2.4.6-97.el7_9.5.ppc64.rpm ppc64le: httpd-2.4.6-97.el7_9.5.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.5.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.5.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.5.ppc64le.rpm mod_session-2.4.6-97.el7_9.5.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.5.ppc64le.rpm s390x: httpd-2.4.6-97.el7_9.5.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.5.s390x.rpm httpd-devel-2.4.6-97.el7_9.5.s390x.rpm httpd-tools-2.4.6-97.el7_9.5.s390x.rpm mod_session-2.4.6-97.el7_9.5.s390x.rpm mod_ssl-2.4.6-97.el7_9.5.s390x.rpm x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: httpd-debuginfo-2.4.6-97.el7_9.5.ppc64.rpm mod_ldap-2.4.6-97.el7_9.5.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.5.ppc64.rpm ppc64le: httpd-debuginfo-2.4.6-97.el7_9.5.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.5.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.5.ppc64le.rpm s390x: httpd-debuginfo-2.4.6-97.el7_9.5.s390x.rpm mod_ldap-2.4.6-97.el7_9.5.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.5.s390x.rpm x86_64: httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: httpd-2.4.6-97.el7_9.5.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-22720 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYjyOdNzjgjWX9erEAQhVww/+JFTM+pih2pdBcB+UAF9/Ym/u45DXpPsM EDRpXAVYFxKcxJh/BZNbNIu7nok8Kq5i54mS/nLKFtAU4NgnyUkwKqTeQO4tYXFw MKIbHyCo5vyz341FxjhMVOt1SVV5Zqc5r6bnRZptoN5XfA7siRSUTwWL3CZs1JUn STKr7mY1eeAvJRdjUcZgvbGrQTBAGdqKHyE8i66wcjifqarx4rPWLgJV6XOb9Mod cmxoUefSpoRoneOAPWjuo/rEaOu4yYfpEyfVMiAlzGtJhrcvE4yUXR8J5MAt5y20 fT82SoGYSmdao3RL7WClpndtnpLG7Jd2IuVC8MVZNyUhuSDAsnkk//RUcbHay4Ei bMoVGDkOTBGEAFQkygZ9dGqLHkc2sp8uYzIfZabhjui8BDcVrzJ0spI2lB0bYhP6 EO0/mhd6m/rRuKnlPtM8E0CSdzB06z5vLELxrA++xaOhzEESsc7yl/JS8Ob+KOPQ GL2OjkUqh2PXokwhsIIK2IbWV3ZDXqrWhzViW1+a1Hi0BL01IdfRN1lfbZeoafu8 ajIttYbI0/7IJsjYg6aPZtRiMtsFZhH4ry4AjKt75jKZcjKF7FsYuMeOZTdOOC11 JeBoN5wLQonOoMscCbIjka/bbn0m4m1eNl61UM26sCw4CzzTEQx2b9AL6kfGPUwj 3zFDnOe0dNg=gNTS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. 7) - noarch, x86_64 3. ========================================================================= Ubuntu Security Notice USN-5333-2 March 17, 2022 apache2 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in Apache HTTP Server. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Chamal De Silva discovered that the Apache HTTP Server mod_lua module incorrectly handled certain crafted request bodies. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-22720) It was discovered that the Apache HTTP Server incorrectly handled large LimitXMLRequestBody settings on certain platforms. In certain configurations, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22721) Ronald Crane discovered that the Apache HTTP Server mod_sed module incorrectly handled memory. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-23943) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm5 apache2-bin 2.4.18-2ubuntu3.17+esm5 Ubuntu 14.04 ESM: apache2 2.4.7-1ubuntu4.22+esm4 apache2-bin 2.4.7-1ubuntu4.22+esm4 In general, a standard system update will make all the necessary changes

Trust: 1.89

sources: NVD: CVE-2022-22720 // VULHUB: VHN-411396 // VULMON: CVE-2022-22720 // PACKETSTORM: 166457 // PACKETSTORM: 166528 // PACKETSTORM: 166805 // PACKETSTORM: 166803 // PACKETSTORM: 166581 // PACKETSTORM: 166488 // PACKETSTORM: 166501 // PACKETSTORM: 166355 // PACKETSTORM: 166365

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.4.0.0	Trust: 1.0
vendor:	oracle	model:	http server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	36	Trust: 1.0
vendor:	apple	model:	macos	scope:	lte	version:	12.4	Trust: 1.0
vendor:	oracle	model:	zfs storage appliance kit	scope:	eq	version:	8.8	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.6.6	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	10.15.7	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	apache	model:	http server	scope:	lte	version:	2.4.52	Trust: 1.0
vendor:	oracle	model:	http server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0

sources: NVD: CVE-2022-22720

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22720
value:	CRITICAL
Trust: 1.0
VULHUB:	VHN-411396
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-22720
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-22720
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-411396
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22720
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-411396 // VULMON: CVE-2022-22720 // NVD: CVE-2022-22720

PROBLEMTYPE DATA

problemtype:

CWE-444

Trust: 1.1

sources: VULHUB: VHN-411396 // NVD: CVE-2022-22720

THREAT TYPE

remote

Trust: 0.2

sources: PACKETSTORM: 166355 // PACKETSTORM: 166365

TYPE

overflow

Trust: 0.3

sources: PACKETSTORM: 166805 // PACKETSTORM: 166803 // PACKETSTORM: 166581

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-411396

PATCH

title:	Red Hat: Important: httpd:2.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221049 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd:2.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221080 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221173 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd:2.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221102 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221045 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd24-httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221075 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd:2.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221072 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221137 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221136 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221138 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221139 - Security Advisory	Trust: 0.1
title:	Red Hat:	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-22720	Trust: 0.1
title:	Ubuntu Security Notice: USN-5333-2: Apache HTTP Server vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5333-2	Trust: 0.1
title:	Ubuntu Security Notice: USN-5333-1: Apache HTTP Server vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5333-1	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2022-1584	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1584	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221390 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221389 - Security Advisory	Trust: 0.1
title:	Hitachi Security Advisories: Vulnerability in Cosminexus HTTP Server and Hitachi Web Server	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2022-119	Trust: 0.1
title:	Hitachi Security Advisories: Vulnerability in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2022-128	Trust: 0.1
title:	Hitachi Security Advisories: Vulnerability in JP1 and Hitachi IT Operations Director	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2022-142	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1783	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1783	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-053	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-053	Trust: 0.1
title:	Apple: macOS Monterey 12.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=73857ee26a600b1527481f1deacc0619	Trust: 0.1
title:	PROJET TUTEURE	url:	https://github.com/PierreChrd/py-projet-tut	Trust: 0.1
title:	Tier 0 Tier 1 Tier 2	url:	https://github.com/Totes5706/TotesHTB	Trust: 0.1
title:	Requirements vulnsearch-cve Usage vulnsearch Usage Test Sample	url:	https://github.com/kasem545/vulnsearch	Trust: 0.1
title:	Skynet	url:	https://github.com/bioly230/THM_Skynet	Trust: 0.1
title:	Shodan Search Script	url:	https://github.com/firatesatoglu/shodanSearch	Trust: 0.1
title:	PoC in GitHub	url:	https://github.com/nomi-sec/PoC-in-GitHub	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-22720

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22720	Trust: 2.1
db:	OPENWALL	id:	OSS-SECURITY/2022/03/14/3	Trust: 1.2
db:	PACKETSTORM	id:	166501	Trust: 0.2
db:	PACKETSTORM	id:	166355	Trust: 0.2
db:	PACKETSTORM	id:	166365	Trust: 0.2
db:	PACKETSTORM	id:	166457	Trust: 0.2
db:	PACKETSTORM	id:	166488	Trust: 0.2
db:	PACKETSTORM	id:	166528	Trust: 0.2
db:	PACKETSTORM	id:	166492	Trust: 0.1
db:	PACKETSTORM	id:	167188	Trust: 0.1
db:	PACKETSTORM	id:	166450	Trust: 0.1
db:	PACKETSTORM	id:	167189	Trust: 0.1
db:	PACKETSTORM	id:	167186	Trust: 0.1
db:	PACKETSTORM	id:	168072	Trust: 0.1
db:	CNVD	id:	CNVD-2022-51061	Trust: 0.1
db:	VULHUB	id:	VHN-411396	Trust: 0.1
db:	ICS CERT	id:	ICSA-22-132-02	Trust: 0.1
db:	VULMON	id:	CVE-2022-22720	Trust: 0.1
db:	PACKETSTORM	id:	166805	Trust: 0.1
db:	PACKETSTORM	id:	166803	Trust: 0.1
db:	PACKETSTORM	id:	166581	Trust: 0.1

sources: VULHUB: VHN-411396 // VULMON: CVE-2022-22720 // PACKETSTORM: 166457 // PACKETSTORM: 166528 // PACKETSTORM: 166805 // PACKETSTORM: 166803 // PACKETSTORM: 166581 // PACKETSTORM: 166488 // PACKETSTORM: 166501 // PACKETSTORM: 166355 // PACKETSTORM: 166365 // NVD: CVE-2022-22720

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20220321-0001/	Trust: 1.2
url:	https://support.apple.com/kb/ht213255	Trust: 1.2
url:	https://support.apple.com/kb/ht213256	Trust: 1.2
url:	https://support.apple.com/kb/ht213257	Trust: 1.2
url:	http://seclists.org/fulldisclosure/2022/may/38	Trust: 1.2
url:	http://seclists.org/fulldisclosure/2022/may/35	Trust: 1.2
url:	http://seclists.org/fulldisclosure/2022/may/33	Trust: 1.2
url:	https://security.gentoo.org/glsa/202208-20	Trust: 1.2
url:	https://httpd.apache.org/security/vulnerabilities_24.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 1.2
url:	https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html	Trust: 1.2
url:	http://www.openwall.com/lists/oss-security/2022/03/14/3	Trust: 1.2
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22720	Trust: 0.9
url:	https://access.redhat.com/security/cve/cve-2022-22720	Trust: 0.7
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.7
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://access.redhat.com/articles/11258	Trust: 0.6
url:	https://access.redhat.com/security/team/key/	Trust: 0.6
url:	https://ubuntu.com/security/notices/usn-5333-2	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3537	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-0778	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3541	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3516	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3517	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0778	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3518	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3537	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3541	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-23308	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23308	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3517	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3518	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3516	Trust: 0.2
url:	https://ubuntu.com/security/notices/usn-5333-1	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23943	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22719	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22721	Trust: 0.2
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/444.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1049	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-02	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1045	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1102	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1389	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1390	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-44790	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44790	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1139	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1072	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1075	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.48-3.1ubuntu3.3	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.10	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.22	Trust: 0.1

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 166457 // PACKETSTORM: 166528 // PACKETSTORM: 166805 // PACKETSTORM: 166803 // PACKETSTORM: 166581 // PACKETSTORM: 166488 // PACKETSTORM: 166501

SOURCES

db:	VULHUB	id:	VHN-411396
db:	VULMON	id:	CVE-2022-22720
db:	PACKETSTORM	id:	166457
db:	PACKETSTORM	id:	166528
db:	PACKETSTORM	id:	166805
db:	PACKETSTORM	id:	166803
db:	PACKETSTORM	id:	166581
db:	PACKETSTORM	id:	166488
db:	PACKETSTORM	id:	166501
db:	PACKETSTORM	id:	166355
db:	PACKETSTORM	id:	166365
db:	NVD	id:	CVE-2022-22720

LAST UPDATE DATE

2026-02-07T22:35:01.365000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-411396	date:	2022-11-02T00:00:00
db:	VULMON	id:	CVE-2022-22720	date:	2023-11-07T00:00:00
db:	NVD	id:	CVE-2022-22720	date:	2024-11-21T06:47:18.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-411396	date:	2022-03-14T00:00:00
db:	VULMON	id:	CVE-2022-22720	date:	2022-03-14T00:00:00
db:	PACKETSTORM	id:	166457	date:	2022-03-25T15:21:09
db:	PACKETSTORM	id:	166528	date:	2022-03-29T17:15:37
db:	PACKETSTORM	id:	166805	date:	2022-04-21T15:10:14
db:	PACKETSTORM	id:	166803	date:	2022-04-21T15:09:54
db:	PACKETSTORM	id:	166581	date:	2022-04-04T14:36:10
db:	PACKETSTORM	id:	166488	date:	2022-03-28T15:52:08
db:	PACKETSTORM	id:	166501	date:	2022-03-28T15:55:12
db:	PACKETSTORM	id:	166355	date:	2022-03-17T15:54:28
db:	PACKETSTORM	id:	166365	date:	2022-03-18T15:34:37
db:	NVD	id:	CVE-2022-22720	date:	2022-03-14T11:15:09.083