Description
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
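A strict chunk-header parser covering the two conditions named above (oversized chunk-size values and invalid bytes in the chunk-extension), written as an added example and not taken from Apache's `http_filters.c`. The function name, the `MAX_CHUNK_SIZE` cap and the rejection of any whitespace after the size are assumptions of this example, and the extension check is simplified to a control-byte filter rather than a full RFC 7230 grammar parse.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical cap on a single chunk; an assumption of this example. */
#define MAX_CHUNK_SIZE ((uint64_t)1 << 31)

static int hex_value(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse one chunk header line (CRLF already stripped by the caller).
 * Returns 0 and stores the size on success, -1 if the line must be rejected. */
int parse_chunk_header(const char *line, size_t len, uint64_t *size_out)
{
    uint64_t size = 0;
    size_t i = 0;

    /* chunk-size = 1*HEXDIG: no sign, no "0x" prefix, no leading whitespace. */
    for (; i < len; i++) {
        int v = hex_value((unsigned char)line[i]);
        if (v < 0)
            break;
        size = (size << 4) | (uint64_t)v;
        /* Check after every digit so the accumulator can never wrap. */
        if (size > MAX_CHUNK_SIZE)
            return -1;
    }
    if (i == 0)
        return -1;              /* no hex digit at all */

    /* Anything after the size must be a chunk-extension starting with ';'. */
    if (i < len && line[i] != ';')
        return -1;
    for (; i < len; i++) {
        unsigned char c = (unsigned char)line[i];
        /* Reject control bytes (bare CR/LF, NUL, ...) except HTAB, and DEL. */
        if ((c < 0x20 && c != '\t') || c == 0x7f)
            return -1;
    }
    *size_out = size;
    return 0;
}
```

A caller that gets `-1` should fail the request and close the connection instead of trying to resynchronise, so that a front-end and back-end cannot disagree on where the message body ends.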
Remediation
References