The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
http://httpd.apache.org/security/vulnerabilities_24.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html
http://marc.info/?l=bugtraq&m=144493176821532&w=2
http://rhn.redhat.com/errata/RHSA-2015-1666.html
http://rhn.redhat.com/errata/RHSA-2015-1667.html
http://rhn.redhat.com/errata/RHSA-2015-1668.html
http://rhn.redhat.com/errata/RHSA-2015-2661.html
http://rhn.redhat.com/errata/RHSA-2016-0061.html
http://rhn.redhat.com/errata/RHSA-2016-0062.html
http://rhn.redhat.com/errata/RHSA-2016-2054.html
http://rhn.redhat.com/errata/RHSA-2016-2055.html
http://rhn.redhat.com/errata/RHSA-2016-2056.html
http://www.apache.org/dist/httpd/CHANGES_2.4
http://www.debian.org/security/2015/dsa-3325
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/75963
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1032967
http://www.ubuntu.com/usn/USN-2686-1
https://access.redhat.com/errata/RHSA-2015:2659
https://access.redhat.com/errata/RHSA-2015:2660
https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6
https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://puppet.com/security/cve/CVE-2015-3183
https://security.gentoo.org/glsa/201610-02
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* versions up to 2.4.13 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
144304 | IBM HTTP Server 6.1.0.0 <= 6.1.0.47 / 7.0.0.0 < 7.0.0.39 / 8.0.0.0 < 8.0.0.12 / 8.5.0.0 < 8.5.5.7 HTTP Request Smuggling (533835) | Nessus | Web Servers | medium |
124922 | EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419) | Nessus | Huawei Local Security Checks | high |
98908 | Apache 2.4.x < 2.4.16 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | medium |
112247 | RHEL 7 : JBoss EAP (RHSA-2016:2054) | Nessus | Red Hat Local Security Checks | high |
94066 | RHEL 6 : JBoss EAP (RHSA-2016:2055) | Nessus | Red Hat Local Security Checks | high |
93903 | GLSA-201610-02 : Apache: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
91329 | F5 Networks BIG-IP : Apache vulnerability (SOL17251) | Nessus | F5 Networks Local Security Checks | medium |
88077 | RHEL 5 / 6 / 7 : JBoss Web Server (RHSA-2016:0061) | Nessus | Red Hat Local Security Checks | medium |
88049 | Oracle Secure Global Desktop Multiple Vulnerabilities (January 2016 CPU) (Logjam) | Nessus | Misc. | medium |
87458 | RHEL 7 : JBoss Web Server (RHSA-2015:2660) | Nessus | Red Hat Local Security Checks | high |
87457 | RHEL 6 : JBoss Web Server (RHSA-2015:2659) | Nessus | Red Hat Local Security Checks | high |
86709 | SUSE SLES11 Security Update : apache2 (SUSE-SU-2015:1885-2) | Nessus | SuSE Local Security Checks | medium |
86703 | SUSE SLES12 Security Update : apache2 (SUSE-SU-2015:1851-1) (Logjam) | Nessus | SuSE Local Security Checks | medium |
8981 | Mac OS X < 10.10.5 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | high |
8970 | Apache HTTP Server 2.4.x < 2.4.16 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
86285 | openSUSE Security Update : apache2 (openSUSE-2015-635) (Logjam) | Nessus | SuSE Local Security Checks | medium |
86066 | Mac OS X : OS X Server < 5.0.3 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
86018 | IBM HTTP Server 6.1 <= 6.1.0.47 (FP47) / 7.0 < 7.0.0.39 (FP39) / 8.0 < 8.0.0.12 (FP12) / 8.5 < 8.5.5.7 (FP7) Multiple Vulnerabilities | Nessus | Web Servers | high |
85637 | CentOS 6 : httpd (CESA-2015:1668) | Nessus | CentOS Local Security Checks | medium |
85636 | CentOS 7 : httpd (CESA-2015:1667) | Nessus | CentOS Local Security Checks | medium |
85628 | Tenable SecurityCenter Multiple Apache Vulnerabilities (TNS-2015-11) | Nessus | Web Servers | medium |
85621 | Scientific Linux Security Update : httpd on SL7.x x86_64 (20150824) | Nessus | Scientific Linux Local Security Checks | medium |
85620 | Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20150824) | Nessus | Scientific Linux Local Security Checks | medium |
85618 | RHEL 6 : httpd (RHSA-2015:1668) | Nessus | Red Hat Local Security Checks | medium |
85617 | RHEL 7 : httpd (RHSA-2015:1667) | Nessus | Red Hat Local Security Checks | medium |
85614 | Oracle Linux 6 : httpd (ELSA-2015-1668) | Nessus | Oracle Linux Local Security Checks | medium |
85613 | Oracle Linux 7 : httpd (ELSA-2015-1667) | Nessus | Oracle Linux Local Security Checks | medium |
85452 | Amazon Linux AMI : httpd24 (ALAS-2015-579) | Nessus | Amazon Linux Local Security Checks | medium |
85451 | Amazon Linux AMI : httpd (ALAS-2015-578) | Nessus | Amazon Linux Local Security Checks | medium |
85409 | Mac OS X Multiple Vulnerabilities (Security Update 2015-006) | Nessus | MacOS X Local Security Checks | high |
85408 | Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
85164 | Debian DSA-3325-1 : apache2 - security update | Nessus | Debian Local Security Checks | medium |
85092 | Fedora 21 : httpd-2.4.16-1.fc21 (2015-11792) | Nessus | Fedora Local Security Checks | medium |
85051 | Debian DLA-284-1 : apache2 security update | Nessus | Debian Local Security Checks | medium |
85042 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : apache2 vulnerabilities (USN-2686-1) | Nessus | Ubuntu Local Security Checks | medium |
84959 | Apache 2.4.x < 2.4.16 Multiple Vulnerabilities | Nessus | Web Servers | medium |
84906 | Fedora 22 : httpd-2.4.16-1.fc22 (2015-11689) | Nessus | Fedora Local Security Checks | medium |
84860 | FreeBSD : apache22 -- chunk header parsing defect (29083f8e-2ca8-11e5-86ff-14dae9d210b8) | Nessus | FreeBSD Local Security Checks | medium |
84829 | Slackware 14.0 / 14.1 / current : httpd (SSA:2015-198-01) | Nessus | Slackware Local Security Checks | medium |
84781 | FreeBSD : apache24 -- multiple vulnerabilities (a12494c1-2af4-11e5-86ff-14dae9d210b8) | Nessus | FreeBSD Local Security Checks | medium |