CVE-2022-22720

CRITICAL LAB

Apache HTTP Server < 2.4.52 - HTTP Request Smuggling via Inbound Connection Handling


Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-22720. PoCs published by Benasin.

AI-analyzed exploit summary: The repository contains only Docker configuration files for Apache HTTP Server 2.4.52 but lacks any exploit code or technical details about CVE-2022-22720. It appears to be a placeholder or incomplete setup for testing the vulnerability.

Description

Apache HTTP Server 2.4.52 and earlier fails to close the inbound connection when errors are encountered while discarding the request body, exposing the server to HTTP Request Smuggling.

Exploits (1)

nomisec STUB
by Benasin · poc
https://github.com/Benasin/CVE-2022-22720


Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Apache HTTP Server 2.4.52
No auth needed
Prerequisites: Docker environment
devstral-2 · analyzed Feb 16, 2026

References (16)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/03/14/3
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2022.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220321-0001/
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2022/May/33
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2022/May/35
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2022/May/38
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2022.html
Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT213257
Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT213256
Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT213255
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202208-20

Scores

CVSS v3 9.8
EPSS 0.2819
EPSS Percentile 97.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Lab Environment

Community Lab
docker pull httpd:2.4.52

Details

CWE: CWE-444
Status: published
Products (11)
apache/http_server < 2.4.52
apple/mac_os_x 10.15.7 security_update_2020-001 (12 CPE variants)
apple/macos < 10.15.7
debian/debian_linux 9.0
fedoraproject/fedora 34
fedoraproject/fedora 35
fedoraproject/fedora 36
oracle/enterprise_manager_ops_center 12.4.0.0
oracle/http_server 12.2.1.3.0
oracle/http_server 12.2.1.4.0
... and 1 more
Published Mar 14, 2022
Tracked Since Feb 18, 2026