5

CVE-2015-3183

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version >= 2.2.0 < 2.2.31
ApacheHTTP Server Version >= 2.4.0 < 2.4.16
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 73.33% 0.994
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Third Party Advisory
VDB Entry
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Mailing List
https://support.apple.com/kb/HT205031
Third Party Advisory
VDB Entry
http://rhn.redhat.com/errata/RHSA-2016-0062.html
Third Party Advisory
http://httpd.apache.org/security/vulnerabilities_24.html
Vendor Advisory
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Patch
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Third Party Advisory
Mailing List
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Patch
Third Party Advisory
https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
Mailing List
https://support.apple.com/HT205219
Third Party Advisory
VDB Entry
http://marc.info/?l=bugtraq&m=144493176821532&w=2
Third Party Advisory
VDB Entry
Mailing List
http://rhn.redhat.com/errata/RHSA-2015-2661.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0061.html
Third Party Advisory
https://access.redhat.com/errata/RHSA-2015:2659
Third Party Advisory
https://access.redhat.com/errata/RHSA-2015:2660
Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
Third Party Advisory
https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://security.gentoo.org/glsa/201610-02
Third Party Advisory
http://www.securityfocus.com/bid/91787
Third Party Advisory
VDB Entry
http://rhn.redhat.com/errata/RHSA-2015-1666.html
Third Party Advisory
http://www.securitytracker.com/id/1032967
Third Party Advisory
VDB Entry
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
Third Party Advisory
VDB Entry
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2056.html
Third Party Advisory
http://www.apache.org/dist/httpd/CHANGES_2.4
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1667.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1668.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2054.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2055.html
Third Party Advisory
http://www.debian.org/security/2015/dsa-3325
Third Party Advisory
http://www.securityfocus.com/bid/75963
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2686-1
Third Party Advisory
https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6
Third Party Advisory
https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73
Third Party Advisory
https://puppet.com/security/cve/CVE-2015-3183
Third Party Advisory