CVE-2015-3183

Apache HTTP Server 2.2.0-2.2.30 - HTTP Request Smuggling via Chunked Transfer Coding

Description

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

References (53)

Core References
Mailing List, Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=144493176821532&w=2
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2056.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html
Vendor Advisory x_refsource_confirm
http://httpd.apache.org/security/vulnerabilities_24.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0061.html
Third Party Advisory, VDB Entry x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Patch, Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1667.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0062.html
Vendor Advisory x_refsource_confirm
http://www.apache.org/dist/httpd/CHANGES_2.4
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1666.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032967
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1668.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-2661.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2055.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2686-1
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75963
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3325
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2015:2659
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/91787
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2015:2660
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2054.html
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
Third Party Advisory x_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
Mailing List, Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201610-02
Third Party Advisory x_refsource_confirm
https://puppet.com/security/cve/CVE-2015-3183
Third Party Advisory, VDB Entry x_refsource_confirm
https://support.apple.com/kb/HT205031
Third Party Advisory, VDB Entry x_refsource_confirm
https://support.apple.com/HT205219

Scores

EPSS 0.2412
EPSS Percentile 96.2%

Details

CWE CWE-17, CWE-20
Status published
Products (1)
apache/http_server 2.2.0 - 2.2.31
Published Jul 20, 2015
Tracked Since Feb 18, 2026