CVE-2015-3183
Advisory lineage Upstream: 0 Downstream: 17
Modified
Published: 20 Jul 2015, 23:00
Last modified:06 Aug 2024, 05:39
Vulnerability Summary
Overall Risk (default)
medium
25/100 CVSS Score
5 MEDIUM
v2.0 (nvd)
EPSS Score
24.12% HIGH
24% probability -4.23%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
20 Jul 2015, 23:00
Published
Vulnerability first disclosed
06 Aug 2024, 05:39
Last Modified
Vulnerability information updated
Description
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
CVSS Metrics
- v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS Trends
Current EPSS score: 24.12%• Percentile: 96%
Techniques & Countermeasures
- CWE-17•DEPRECATED: Code
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
- CWE-20•Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Affected Systems
- Unknown•HTTP Server
≥ 2.2.0, < 2.2.31 | ≥ 2.4.0, < 2.4.16
References (53)
- http://marc.info/?l=bugtraq&m=144493176821532&w=2
- http://rhn.redhat.com/errata/RHSA-2016-2056.html
- http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html
- http://httpd.apache.org/security/vulnerabilities_24.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://rhn.redhat.com/errata/RHSA-2016-0061.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- https://security.gentoo.org/glsa/201610-02
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://rhn.redhat.com/errata/RHSA-2015-1667.html
- http://rhn.redhat.com/errata/RHSA-2016-0062.html
- http://www.apache.org/dist/httpd/CHANGES_2.4
- http://rhn.redhat.com/errata/RHSA-2015-1666.html
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
- http://www.securitytracker.com/id/1032967
- http://rhn.redhat.com/errata/RHSA-2015-1668.html
- http://rhn.redhat.com/errata/RHSA-2015-2661.html
- http://rhn.redhat.com/errata/RHSA-2016-2055.html
- http://www.ubuntu.com/usn/USN-2686-1
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
- http://www.securityfocus.com/bid/75963
- http://www.debian.org/security/2015/dsa-3325
- https://access.redhat.com/errata/RHSA-2015:2659
- https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73
- https://puppet.com/security/cve/CVE-2015-3183
- http://www.securityfocus.com/bid/91787
- https://access.redhat.com/errata/RHSA-2015:2660
- http://rhn.redhat.com/errata/RHSA-2016-2054.html
- https://support.apple.com/kb/HT205031
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
- https://support.apple.com/HT205219
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
- https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E