Client-Side Desync Vulnerability (CVE-2022-38114)

Summary

This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.

Affected Products

  • SEM 2022.2 and previous versions

Fixed Software Release

  • SEM 2022.4

Acknowledgments

  • Ken Pyle-CYBIR

Advisory Details

  • Severity: Low
  • Advisory ID:
  • First Published: 11/22/2022
  • Last Updated: 11/22/2022
  • Version: SEM 2022.4
  • CVSS Score: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
