Vulnerability CVE-2015-3183
Published: 2015-07-20   Modified: 2015-07-21

Description:
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Apache -> Http server 

 References:
http://httpd.apache.org/security/vulnerabilities_24.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html
http://marc.info/?l=bugtraq&m=144493176821532&w=2
http://rhn.redhat.com/errata/RHSA-2015-1666.html
http://rhn.redhat.com/errata/RHSA-2015-1667.html
http://rhn.redhat.com/errata/RHSA-2015-1668.html
http://rhn.redhat.com/errata/RHSA-2015-2661.html
http://rhn.redhat.com/errata/RHSA-2016-0061.html
http://rhn.redhat.com/errata/RHSA-2016-0062.html
http://rhn.redhat.com/errata/RHSA-2016-2054.html
http://rhn.redhat.com/errata/RHSA-2016-2055.html
http://rhn.redhat.com/errata/RHSA-2016-2056.html
http://www.apache.org/dist/httpd/CHANGES_2.4
http://www.debian.org/security/2015/dsa-3325
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/75963
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1032967
http://www.ubuntu.com/usn/USN-2686-1
https://access.redhat.com/errata/RHSA-2015:2659
https://access.redhat.com/errata/RHSA-2015:2660
https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
https://puppet.com/security/cve/CVE-2015-3183
https://security.gentoo.org/glsa/201610-02
https://support.apple.com/HT205219
https://support.apple.com/kb/HT205031
Copyright 2024, cxsecurity.com

 

Back to Top