CVE-2015-3183

CVSS V2 Medium 5 CVSS V3 None
Description
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
Overview
  • CVE ID
  • CVE-2015-3183
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2015-07-20T23:59:02
  • Last Modified Date
  • 2021-06-06T11:15:19
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* 1 OR 2.4.13
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 5
  • Severity
  • MEDIUM
  • Exploitability Score
  • 10
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://httpd.apache.org/security/vulnerabilities_24.html Vendor Advisory
http://www.apache.org/dist/httpd/CHANGES_2.4
https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
https://support.apple.com/kb/HT205031
http://www.ubuntu.com/usn/USN-2686-1
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
https://support.apple.com/HT205219
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.securityfocus.com/bid/91787
http://marc.info/?l=bugtraq&m=144493176821532&w=2
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/75963
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://rhn.redhat.com/errata/RHSA-2016-0062.html
http://rhn.redhat.com/errata/RHSA-2016-0061.html
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
https://access.redhat.com/errata/RHSA-2015:2660
http://rhn.redhat.com/errata/RHSA-2015-2661.html
https://access.redhat.com/errata/RHSA-2015:2659
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html
http://www.debian.org/security/2015/dsa-3325
http://rhn.redhat.com/errata/RHSA-2015-1668.html
http://rhn.redhat.com/errata/RHSA-2015-1667.html
https://security.gentoo.org/glsa/201610-02
http://www.securitytracker.com/id/1032967
https://puppet.com/security/cve/CVE-2015-3183
http://rhn.redhat.com/errata/RHSA-2016-2056.html
http://rhn.redhat.com/errata/RHSA-2016-2055.html
http://rhn.redhat.com/errata/RHSA-2016-2054.html
http://rhn.redhat.com/errata/RHSA-2015-1666.html
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
History
Created Old Value New Value Data Type Notes
2022-05-10 16:12:37 Added to TrackCVE
2022-12-02 05:42:29 2015-07-20T23:59Z 2015-07-20T23:59:02 CVE Published Date updated
2022-12-02 05:42:29 2021-06-06T11:15:19 CVE Modified Date updated
2022-12-02 05:42:29 Modified Vulnerability Status updated