Client-Side Desync Vulnerability (CVE-2022-38114)

Summary

This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.

Affected Products

  • SEM 2022.2 and previous versions

Fixed Software Release

  • SEM 2022.4

Acknowledgments

  • Ken Pyle-CYBIR

Advisory Details

Severity

3.7 Low

Advisory ID

First Published

11/22/2022

Last Updated

11/22/2022

Version

SEM 2022.4

CVSS Score

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N