PatchSiren cyber security CVE debrief
CVE-2022-36760 Festo Didactic SE CVE debrief
CVE-2022-36760 is a critical HTTP request smuggling issue in Apache HTTP Server’s mod_proxy_ajp component. The advisory states that inconsistent interpretation of HTTP requests can let an attacker smuggle requests to the AJP backend the proxy forwards to. In the CISA advisory context, the affected product is Festo Didactic SE MES PC. The vendor remediation points MES PC users to a replacement, Factory Control Panel, obtainable through Festo technical support. Defenders should treat this as a high-priority exposure wherever Apache HTTP Server 2.4.54 or earlier is present in the affected product path, especially if mod_proxy_ajp/AJP forwarding is in use. Network reachability plus the potential for confidentiality, integrity, and availability impact make this important to review promptly.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: CRITICAL 9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Festo Didactic SE MES PC operators, OT/industrial support teams, Apache HTTP Server administrators, and defenders responsible for systems using mod_proxy_ajp/AJP forwarding or vendor-bundled Apache stacks.
Technical summary
The source advisory maps CVE-2022-36760 to CWE-444 (inconsistent interpretation of HTTP requests). The stated issue is in mod_proxy_ajp, where parsing differences between the proxy and the AJP backend can enable request smuggling. The supplied CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H, indicating network attackability with high attack complexity, no privileges or user interaction required, a changed scope, and high confidentiality, integrity, and availability impact if exploitation succeeds. The advisory says Apache HTTP Server 2.4.54 and prior versions are affected.
Defensive priority
Critical; review and remediate immediately for any affected MES PC deployment or any exposed Apache mod_proxy_ajp/AJP path.
Recommended defensive actions
- Inventory MES PC systems and confirm whether the affected Apache HTTP Server component is present and whether mod_proxy_ajp/AJP forwarding is enabled.
- Obtain the current Factory Control Panel replacement from Festo technical support as directed in the advisory and replace the vulnerable XAMPP-based MES PC component path.
- Restrict network access to any proxy-to-backend AJP path and segment affected systems so only required hosts can reach them.
- Review proxy and backend logs for unusual request patterns consistent with request-smuggling abuse, especially mismatches between front-end and back-end request handling.
- If Apache HTTP Server 2.4.54 or earlier is deployed in the affected context, prioritize upgrade or vendor-directed replacement before restoring normal exposure.
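The inventory and version checks above can be scripted. The following is an added example, not part of the PatchSiren debrief or of any Festo or Apache tooling: a Python triage helper that parses `httpd -v` and `httpd -M` style output plus an httpd.conf fragment, and flags a host as in scope when Apache 2.4.54 or earlier has mod_proxy_ajp loaded or ProxyPass forwarding over ajp:// configured. The sample outputs and configuration are constructed.

```python
import re

# Version cutoff stated in the advisory: 2.4.54 and earlier are affected.
AFFECTED_MAX_VERSION = (2, 4, 54)

def parse_httpd_version(version_output):
    """Extract (major, minor, patch) from `httpd -v` output such as
    'Server version: Apache/2.4.54 (Win64)'. Returns None if absent."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", version_output)
    return tuple(int(x) for x in m.groups()) if m else None

def parse_loaded_modules(modules_output):
    """Return the set of module names listed by `httpd -M`, e.g. a line
    ' proxy_ajp_module (shared)' yields 'proxy_ajp_module'."""
    return set(re.findall(r"^\s*(\w+_module)\s+\((?:static|shared)\)",
                          modules_output, re.M))

def find_ajp_proxy_targets(config_text):
    """Return backend URLs of ProxyPass/ProxyPassMatch directives that forward
    over AJP, skipping commented-out lines."""
    targets = []
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"ProxyPass(?:Match)?\s+\S+\s+(ajp://\S+)", line, re.I)
        if m:
            targets.append(m.group(1))
    return targets

def assess_host(version_output, modules_output, config_text):
    """Classify one host: in scope when the version is affected AND AJP
    proxying is in use (module loaded or an ajp:// ProxyPass present)."""
    version = parse_httpd_version(version_output)
    modules = parse_loaded_modules(modules_output)
    ajp_targets = find_ajp_proxy_targets(config_text)
    version_affected = version is not None and version <= AFFECTED_MAX_VERSION
    ajp_loaded = "proxy_ajp_module" in modules
    return {
        "version": version,
        "version_affected": version_affected,
        "ajp_module_loaded": ajp_loaded,
        "ajp_targets": ajp_targets,
        "in_scope": version_affected and (ajp_loaded or bool(ajp_targets)),
    }

# Constructed sample output resembling an XAMPP-bundled httpd on Windows.
SAMPLE_VERSION = "Server version: Apache/2.4.54 (Win64)\nServer built: Jun 8 2022"
SAMPLE_MODULES = "Loaded Modules:\n core_module (static)\n proxy_module (shared)\n proxy_ajp_module (shared)\n"
SAMPLE_CONFIG = "# ProxyPass /old ajp://legacy:8009/\nProxyPass /app ajp://10.0.0.5:8009/app\nProxyPass /api http://10.0.0.6:8080/\n"

if __name__ == "__main__":
    print(assess_host(SAMPLE_VERSION, SAMPLE_MODULES, SAMPLE_CONFIG))
```

Run it against the real `httpd -v`, `httpd -M` output and httpd.conf of each MES PC or Apache host to build the inventory the first action calls for.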
Evidence notes
This debrief uses the CISA CSAF source item and its embedded advisory metadata. The source was first published on 2024-02-27 and later republished/modified on 2026-01-27; those dates are used as advisory timing context, not as the CVE’s original issue date. The source text explicitly identifies the vulnerability as inconsistent interpretation of HTTP requests ('HTTP Request Smuggling') in mod_proxy_ajp, ties it to Apache HTTP Server 2.4.54 and earlier, and maps it to Festo Didactic SE MES PC. The remediation field states that Factory Control Panel replaces XAMPP on MES PCs and should be obtained through Festo technical support.
Official resources
- CVE-2022-36760 CVE record (CVE.org)
- CVE-2022-36760 NVD detail (NVD)
- Source item URL (cisa_csaf)
Public advisory publication date in the supplied source corpus is 2024-02-27, with a later CISA republication/modified date of 2026-01-27.