error. Because the error response includes the original (large) header, it can lead to Information Disclosure , such as exposing sensitive session cookies. Request Smuggling (CVE-2022-22720):

Though technically addressed in earlier patches, many 2.2.22 installations remained vulnerable to "Apache Killer."

While version 2.2.22 is ancient—having reached —it remains a common target in the following contexts:

Consequently, thousands of servers today run SSH on port 2222, not Apache. However, control panels like (a popular alternative to cPanel) traditionally use port 2222 for their web-based control panel login . DirectAdmin runs its own lightweight web server (not Apache) on port 2222 for administrative access.