First published: Mon Mar 28 2022(Updated: )
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.<br>Security Fix(es):<br><li> httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/httpd | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd-debuginfo | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd-debugsource | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd-devel | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd-filesystem | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd-manual | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd-tools | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd-tools-debuginfo | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd-debuginfo | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd-debugsource | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd-devel | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd-tools | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd-tools-debuginfo | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd-debuginfo | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd-debugsource | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd-devel | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd-tools | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd-tools-debuginfo | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 |
redhat/httpd | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4.aa | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4.aa |
redhat/httpd-debuginfo | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4.aa | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4.aa |
redhat/httpd-debugsource | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4.aa | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4.aa |
redhat/httpd-devel | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4.aa | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4.aa |
redhat/httpd-tools | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4.aa | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4.aa |
redhat/httpd-tools-debuginfo | <2.4.37-39.module+el8.4.0+14531+e1b94dfe.4.aa | 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4.aa |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of RHSA-2022:1072 is classified as critical due to the potential for HTTP request smuggling.
To fix RHSA-2022:1072, users should update the httpd package to version 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 or later.
The impact of RHSA-2022:1072 includes the risk of HTTP request smuggling, which can lead to unauthorized access or data manipulation.
Versions of the httpd package prior to 2.4.37-39.module+el8.4.0+14531+e1b94dfe.4 are affected by RHSA-2022:1072.
RHSA-2022:1072 specifically applies to Red Hat Enterprise Linux systems using the affected version of the httpd package.