5

CVE-2015-3183

EPSS 38.1%
Published 20.07.2015 23:59:02
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

Affected products Warnungen 0 Metrics 2 CWE 1 References 56

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ HTTP Server Version >= 2.2.0 < 2.2.31

Apache ≫ HTTP Server Version >= 2.4.0 < 2.4.16

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	38.1%	0.971

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Third Party Advisory

VDB Entry

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

Mailing List

https://support.apple.com/kb/HT205031

Third Party Advisory

VDB Entry

http://rhn.redhat.com/errata/RHSA-2016-0062.html

Third Party Advisory

http://httpd.apache.org/security/vulnerabilities_24.html

Vendor Advisory

https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Patch

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Third Party Advisory

Mailing List

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Patch

Third Party Advisory

https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html

Mailing List

https://support.apple.com/HT205219

Third Party Advisory

VDB Entry

http://marc.info/?l=bugtraq&m=144493176821532&w=2

Third Party Advisory

VDB Entry

Mailing List

http://rhn.redhat.com/errata/RHSA-2015-2661.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-0061.html

Third Party Advisory

https://access.redhat.com/errata/RHSA-2015:2659

Third Party Advisory

https://access.redhat.com/errata/RHSA-2015:2660

Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246

Third Party Advisory

https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://security.gentoo.org/glsa/201610-02

Third Party Advisory

http://www.securityfocus.com/bid/91787

Third Party Advisory

VDB Entry

http://rhn.redhat.com/errata/RHSA-2015-1666.html

Third Party Advisory

http://www.securitytracker.com/id/1032967

Third Party Advisory

VDB Entry

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789

Third Party Advisory

VDB Entry

http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2056.html

Third Party Advisory

http://www.apache.org/dist/httpd/CHANGES_2.4

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-1667.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1668.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2054.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2055.html

Third Party Advisory

http://www.debian.org/security/2015/dsa-3325

Third Party Advisory

http://www.securityfocus.com/bid/75963

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-2686-1

Third Party Advisory

https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6

Third Party Advisory

https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73

Third Party Advisory

https://puppet.com/security/cve/CVE-2015-3183

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-3183

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-3183

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-3183

EUVD