Apache Httpd 2.2.22 Exploit _top_ Info

For the PHP-CGI exploit, the Metasploit module exploit/multi/http/php_cgi_arg_injection is a common choice. It automates the process of injecting the PHP wrapper and establishing a reverse shell. Mitigation and Defense

If you see 2.2.22 (or any 2.2.x version), your server is exposed. apache httpd 2.2.22 exploit

Apache 2.2.22 was often bundled with older versions of OpenSSL, making it susceptible to: Exploits CBC mode ciphers in TLS 1.0. CRIME: Targets TLS compression to session cookies. Exploitation Methodology For the PHP-CGI exploit