CVE-2015-3183

 

Published at: - 21-07-2015 01:59

Last modified: - 30-06-2022 05:18

Total changes: - 4

Description

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:P/A:N

 

Verification logic

 

Reference

• http://httpd.apache.org/security/vulnerabilities_24.html
• http://www.apache.org/dist/httpd/CHANGES_2.4
• https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73
• APPLE-SA-2015-08-13-2-
• https://support.apple.com/kb/HT205031
• USN-2686-1-
• APPLE-SA-2015-09-16-4-
• https://support.apple.com/HT205219
• http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
• http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• 91787-
• SSRT102254-
• http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
• 75963-
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
• RHSA-2016:0062-
• RHSA-2016:0061-
• https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
• RHSA-2015:2660-
• RHSA-2015:2661-
• RHSA-2015:2659-
• https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
• openSUSE-SU-2015:1684-
• DSA-3325-
• RHSA-2015:1668-
• RHSA-2015:1667-
• GLSA-201610-02-
• 1032967-
• https://puppet.com/security/cve/CVE-2015-3183
• RHSA-2016:2056-
• RHSA-2016:2055-
• RHSA-2016:2054-
• RHSA-2015:1666-
• [httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6
• [httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/-
• [httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/-
• [httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/-
• [httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/-
• [httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/-
• [httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-

 

Keywords

NVD

 

CVE-2015-3183

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures