5

CVE-2015-3183

EPSS 32.87%
Veröffentlicht 20.07.2015 23:59:02
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 56

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ HTTP Server Version >= 2.2.0 < 2.2.31

Apache ≫ HTTP Server Version >= 2.4.0 < 2.4.16

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	32.87%	0.967

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Third Party Advisory

VDB Entry

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

Mailing List

https://support.apple.com/kb/HT205031

Third Party Advisory

VDB Entry

http://rhn.redhat.com/errata/RHSA-2016-0062.html

Third Party Advisory

http://httpd.apache.org/security/vulnerabilities_24.html

Vendor Advisory

https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Patch

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Third Party Advisory

Mailing List

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Patch

Third Party Advisory

https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html

Mailing List

https://support.apple.com/HT205219

Third Party Advisory

VDB Entry

http://marc.info/?l=bugtraq&m=144493176821532&w=2

Third Party Advisory

VDB Entry

Mailing List

http://rhn.redhat.com/errata/RHSA-2015-2661.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-0061.html

Third Party Advisory

https://access.redhat.com/errata/RHSA-2015:2659

Third Party Advisory

https://access.redhat.com/errata/RHSA-2015:2660

Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246

Third Party Advisory

https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://security.gentoo.org/glsa/201610-02

Third Party Advisory

http://www.securityfocus.com/bid/91787

Third Party Advisory

VDB Entry

http://rhn.redhat.com/errata/RHSA-2015-1666.html

Third Party Advisory

http://www.securitytracker.com/id/1032967

Third Party Advisory

VDB Entry

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789

Third Party Advisory

VDB Entry

http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2056.html

Third Party Advisory

http://www.apache.org/dist/httpd/CHANGES_2.4

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-1667.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1668.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2054.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2055.html

Third Party Advisory

http://www.debian.org/security/2015/dsa-3325

Third Party Advisory

http://www.securityfocus.com/bid/75963

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-2686-1

Third Party Advisory

https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6

Third Party Advisory

https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73

Third Party Advisory

https://puppet.com/security/cve/CVE-2015-3183

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-3183

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-3183

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-3183

EUVD