CVE-2022-36760
Apache HTTP Server: mod_proxy_ajp Possible request smugglingInconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.
We have discovered 1,455,451 live websites that are affected by CVE-2022-36760.
Affected Software
| Product |  Apache |
| Category | Web Servers |
| Vulnerable Domains | 1,455,451 live websites (46.13% of Apache install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 48 versions ( 32.65% of all versions) |
Common Weakness Enumeration
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')Details
- Published - Jan 17, 2023
- Updated - Feb 13, 2025
Credits
- ZeddYu_Lu from Qi'anxin Research Institute of Legendsec at Qi'anxin Group (finder)
CWE
CVE References
CWE References
CVE-2022-36760 usage by Country
 United States | 525,570 websites |
 Germany | 173,732 websites |
 France | 92,917 websites |
 Netherlands | 54,879 websites |
 Russia | 50,083 websites |
 Japan | 46,050 websites |
 Singapore | 44,029 websites |
 Italy | 35,331 websites |
 Czech Republic | 35,004 websites |
 Poland | 29,203 websites |
CVE-2022-36760 usage by TLD
| .com | 550,574 websites |
| .de | 102,261 websites |
| .org | 69,368 websites |
| .net | 57,739 websites |
| .ru | 44,031 websites |
| .nl | 43,318 websites |
| .it | 36,365 websites |
| .cz | 29,408 websites |
| .fr | 28,503 websites |
| .pl | 26,735 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2022-36760
Top websites that are affected by CVE-2022-36760. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.com | Singapore | *** | |
| *************.***.****.****.************.net | United States | *** | |
| *********.com | United States | *** | |
| *********.*************.se | United States | *** | |
| ***********.org | United States | *** | |
| *********.net | United States | *** | |
| ********.*********.com | Singapore | *,*** | |
| ***.****.us | United States | *,*** | |
| ***.*********.com | Singapore | *,*** | |
| *****.*******.com | Singapore | *,*** |
FAQ
CVE-2022-36760 is Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in Apache
A total of 1,455,451 websites have been identified as vulnerable to CVE-2022-36760, discovered through global website indexing conducted by WebTechSurvey.
Apache is susceptible to CVE-2022-36760 vulnerability.
Apache versions before, and including, 2.4.54 are vulnerable to CVE-2022-36760.