Home > Vulnerability Database > CVE-2015-3183

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2015-3183

Good to know:

Date: July 20, 2015

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

Language: C

Severity Score

5.3

Related Resources (58)

Url: http://www.apache.org/dist/httpd/CHANGES_2.4

Url: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Url: http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Url: https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

Url: http://www.securityfocus.com/bid/75963

Url: http://rhn.redhat.com/errata/RHSA-2016-2054.html

Url: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Url: https://puppet.com/security/cve/CVE-2015-3183

Url: http://rhn.redhat.com/errata/RHSA-2015-1667.html

Url: http://rhn.redhat.com/errata/RHSA-2015-1666.html

Url: https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

Url: https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

Url: https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3183

Url: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Url: http://rhn.redhat.com/errata/RHSA-2015-1668.html

Url: http://www.debian.org/security/2015/dsa-3325

Url: http://www.securityfocus.com/bid/91787

Url: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789

Url: https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

Url: https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

Url: http://rhn.redhat.com/errata/RHSA-2016-0062.html

Url: https://support.apple.com/HT205219

Url: http://www.securitytracker.com/id/1032967

Url: https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6

Url: https://security.gentoo.org/glsa/201610-02

Url: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246

Url: http://rhn.redhat.com/errata/RHSA-2015-2661.html

Url: https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

Url: http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html

Url: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Url: https://support.apple.com/kb/HT205031

Url: https://access.redhat.com/errata/RHSA-2015:2659

Url: https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

Url: https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

Url: http://marc.info/?l=bugtraq&m=144493176821532&w=2

Url: https://security-tracker.debian.org/tracker/CVE-2015-3183

Url: https://access.redhat.com/errata/RHSA-2015:2660

Url: https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E

Url: http://rhn.redhat.com/errata/RHSA-2016-0061.html

Url: http://www.ubuntu.com/usn/USN-2686-1

Url: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735

Url: http://rhn.redhat.com/errata/RHSA-2016-2056.html

Url: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Url: https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

Url: https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E

Url: http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html

Url: http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

Url: https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E

Url: https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

Url: https://access.redhat.com/security/cve/CVE-2015-3183

Url: https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73

Url: http://httpd.apache.org/security/vulnerabilities_24.html

Url: http://rhn.redhat.com/errata/RHSA-2016-2055.html

Url: https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

Url: https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-3183

Url: https://www.mend.io/vulnerability-database/CVE-2015-3183

Severity Score

5.3

Weakness Type (CWE)

Code

CWE-17

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version 2.4.14

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us