CVE-2015-3183 Information
Description
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
Reference
http://httpd.apache.org/security/vulnerabilities_24.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html
http://marc.info/?l=bugtraq&m=144493176821532&w=2
http://rhn.redhat.com/errata/RHSA-2015-1666.html
http://rhn.redhat.com/errata/RHSA-2015-1667.html
http://rhn.redhat.com/errata/RHSA-2015-1668.html
http://rhn.redhat.com/errata/RHSA-2015-2661.html
http://rhn.redhat.com/errata/RHSA-2016-0061.html
http://rhn.redhat.com/errata/RHSA-2016-0062.html
http://rhn.redhat.com/errata/RHSA-2016-2054.html
http://rhn.redhat.com/errata/RHSA-2016-2055.html
http://rhn.redhat.com/errata/RHSA-2016-2056.html
http://www.apache.org/dist/httpd/CHANGES_2.4
http://www.debian.org/security/2015/dsa-3325
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/75963
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1032967
http://www.ubuntu.com/usn/USN-2686-1
https://access.redhat.com/errata/RHSA-2015:2659
https://access.redhat.com/errata/RHSA-2015:2660
https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6
https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://puppet.com/security/cve/CVE-2015-3183
https://security.gentoo.org/glsa/201610-02
https://support.apple.com/HT205219
https://support.apple.com/kb/HT205031