CVE-2015-3183medium
Description
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
References
http://httpd.apache.org/security/vulnerabilities_24.html
http://www.apache.org/dist/httpd/CHANGES_2.4
https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
https://support.apple.com/kb/HT205031
http://www.ubuntu.com/usn/USN-2686-1
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
https://support.apple.com/HT205219
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.securityfocus.com/bid/91787
http://marc.info/?l=bugtraq&m=144493176821532&w=2
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/75963
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://rhn.redhat.com/errata/RHSA-2016-0062.html
http://rhn.redhat.com/errata/RHSA-2016-0061.html
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
https://access.redhat.com/errata/RHSA-2015:2660
http://rhn.redhat.com/errata/RHSA-2015-2661.html
https://access.redhat.com/errata/RHSA-2015:2659
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html
http://www.debian.org/security/2015/dsa-3325
http://rhn.redhat.com/errata/RHSA-2015-1668.html
http://rhn.redhat.com/errata/RHSA-2015-1667.html
https://security.gentoo.org/glsa/201610-02
http://www.securitytracker.com/id/1032967
https://puppet.com/security/cve/CVE-2015-3183
http://rhn.redhat.com/errata/RHSA-2016-2056.html
http://rhn.redhat.com/errata/RHSA-2016-2055.html
http://rhn.redhat.com/errata/RHSA-2016-2054.html
http://rhn.redhat.com/errata/RHSA-2015-1666.html
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E