CVE-2015-3183

medium

Description

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

References

http://httpd.apache.org/security/vulnerabilities_24.html

http://www.apache.org/dist/httpd/CHANGES_2.4

https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

https://support.apple.com/kb/HT205031

http://www.ubuntu.com/usn/USN-2686-1

http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html

https://support.apple.com/HT205219

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.securityfocus.com/bid/91787

http://marc.info/?l=bugtraq&m=144493176821532&w=2

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.securityfocus.com/bid/75963

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735

http://rhn.redhat.com/errata/RHSA-2016-0062.html

http://rhn.redhat.com/errata/RHSA-2016-0061.html

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789

https://access.redhat.com/errata/RHSA-2015:2660

http://rhn.redhat.com/errata/RHSA-2015-2661.html

https://access.redhat.com/errata/RHSA-2015:2659

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246

http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html

http://www.debian.org/security/2015/dsa-3325

http://rhn.redhat.com/errata/RHSA-2015-1668.html

http://rhn.redhat.com/errata/RHSA-2015-1667.html

https://security.gentoo.org/glsa/201610-02

http://www.securitytracker.com/id/1032967

https://puppet.com/security/cve/CVE-2015-3183

http://rhn.redhat.com/errata/RHSA-2016-2056.html

http://rhn.redhat.com/errata/RHSA-2016-2055.html

http://rhn.redhat.com/errata/RHSA-2016-2054.html

http://rhn.redhat.com/errata/RHSA-2015-1666.html

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b03[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2015-07-20

Updated: 2021-06-06

Type: CWE-20

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM