Description
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
Remediation
References
Related Vulnerabilities
Oracle Application Server CVE-2008-4017 Vulnerability (CVE-2008-4017)
Plone CMS CVE-2011-2528 Vulnerability (CVE-2011-2528)
WordPress Plugin WP eCommerce 'wpsc-transaction_results_functions.php' SQL Injection (3.8.7.5)
WordPress Plugin Responsive Image Slider, Photo Gallery And Carousel Security Bypass (1.3.5)
Oracle Application Server Other Vulnerability (CVE-2007-0222)