First published: Mon Apr 04 2022(Updated: )
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.<br>Security Fix(es):<br><li> httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/httpd | <2.2.15-70.el6_10 | 2.2.15-70.el6_10 |
redhat/httpd | <2.2.15-70.el6_10 | 2.2.15-70.el6_10 |
redhat/httpd-debuginfo | <2.2.15-70.el6_10 | 2.2.15-70.el6_10 |
redhat/httpd-debuginfo | <2.2.15-70.el6_10 | 2.2.15-70.el6_10 |
redhat/httpd-devel | <2.2.15-70.el6_10 | 2.2.15-70.el6_10 |
redhat/httpd-devel | <2.2.15-70.el6_10 | 2.2.15-70.el6_10 |
redhat/httpd-manual | <2.2.15-70.el6_10 | 2.2.15-70.el6_10 |
redhat/httpd-tools | <2.2.15-70.el6_10 | 2.2.15-70.el6_10 |
redhat/httpd-tools | <2.2.15-70.el6_10 | 2.2.15-70.el6_10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
RHSA-2022:1173 addresses an HTTP request smuggling vulnerability identified as CVE-2022-22720 within the httpd packages.
The severity of RHSA-2022:1173 is significant due to its potential impact on the confidentiality and integrity of web server interactions.
To fix RHSA-2022:1173, update your httpd packages to the version 2.2.15-70.el6_10 or higher.
The affected packages include httpd, httpd-debuginfo, httpd-devel, httpd-manual, and httpd-tools, specifically versions prior to 2.2.15-70.el6_10.
Yes, the vulnerability identified in RHSA-2022:1173 can be exploited through techniques such as HTTP request smuggling attacks.