Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2015-3183

Published: 20/07/2015 Updated: 14/12/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Apache

Vulnerability Summary

The chunked transfer coding implementation in the Apache HTTP Server prior to 2.4.14 does not properly parse chunk headers, which allows remote malicious users to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server

Vendor Advisories

Ubuntu Security Notice: apache2 vulnerabilities
Several security issues were fixed in the Apache HTTP server ...
Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 7
Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 6410 natives update on RHEL 7 Type/Severity Security Advisory: Moderate Topic Updated packages that provide Red Hat JBoss Enterprise Application Platform 6410 natives, fix several bugs, and add various enhancements are now available for Re ...
Red Hat: Moderate: Red Hat JBoss Web Server 3.0.2 security update
Synopsis Moderate: Red Hat JBoss Web Server 302 security update Type/Severity Security Advisory: Moderate Topic Updated Red Hat JBoss Web Server 302 packages are now available for RedHat Enterprise Linux 6Red Hat Product Security has rated this update as having Moderate securityimpact Common Vulnerabi ...
Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 6
Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 6410 natives update on RHEL 6 Type/Severity Security Advisory: Moderate Topic Updated packages that provide Red Hat JBoss Enterprise Application Platform 6410 natives, fix several bugs, and add various enhancements are now available for Re ...
Red Hat: Moderate: Red Hat JBoss Web Server 3.0.2 security update
Synopsis Moderate: Red Hat JBoss Web Server 302 security update Type/Severity Security Advisory: Moderate Topic Updated Red Hat JBoss Web Server 302 packages are now available for RedHat Enterprise Linux 7Red Hat Product Security has rated this update as having Moderate securityimpact Common Vulnerabi ...
Debian Security Advisories: DSA-3325-1 apache2 -- security update
Several vulnerabilities have been found in the Apache HTTPD server CVE-2015-3183 An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in us ...
Amazon Linux AMI: ALAS-2015-579
It was discovered that in httpd 24, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used An httpd module using this API function could consequently allow access that should have been denied (CVE-2015-3185) Multiple flaws were found in the way httpd pars ...
Amazon Linux AMI: ALAS-2015-578
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks ...
Red Hat: CVE-2015-3183
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks ...
Tenable Security Advisories: [R4] SecurityCenter 5.0.2 Fixes Third-party Library
Tenable SecurityCenter is potentially impacted by two vulnerabilities in Apache HTTP Server CVE-2015-3183: The chunked transfer coding implementation in the Apache HTTP Server before 2414 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling o ...

Github Repositories

https://github.com/ameihm0912/nasltokens

nasl plugin tokenizer and information extraction

nasltokens nasltokens is a utility to extract information from NASL plugins, and generate an intermediate JSON policy file consumable by other tools for vulnerability analysis The format used is the intermediate scribe vulnerability policy format NASL plugins that focus on authenticate package tests are supported Usage Typical usage involves conversion of a NASL plugin file

References

CWE-20CWE-17http://httpd.apache.org/security/vulnerabilities_24.htmlhttp://www.apache.org/dist/httpd/CHANGES_2.4https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlhttps://support.apple.com/kb/HT205031http://www.ubuntu.com/usn/USN-2686-1http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.htmlhttps://support.apple.com/HT205219http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.securityfocus.com/bid/91787http://marc.info/?l=bugtraq&m=144493176821532&w=2http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlhttp://www.securityfocus.com/bid/75963http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735http://rhn.redhat.com/errata/RHSA-2016-0062.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0061.htmlhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789https://access.redhat.com/errata/RHSA-2015:2660http://rhn.redhat.com/errata/RHSA-2015-2661.htmlhttps://access.redhat.com/errata/RHSA-2015:2659https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.htmlhttp://www.debian.org/security/2015/dsa-3325http://rhn.redhat.com/errata/RHSA-2015-1668.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1667.htmlhttps://security.gentoo.org/glsa/201610-02http://www.securitytracker.com/id/1032967https://puppet.com/security/cve/CVE-2015-3183http://rhn.redhat.com/errata/RHSA-2016-2056.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2055.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2054.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1666.htmlhttps://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3Ehttps://usn.ubuntu.com/2686-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-3183
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654CVE-2023-49606encryptionNULL pointer dereferenceCVE-2024-4439CVE-2024-4649race conditionCVE-2024-27202CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook