Description

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

Remediation

References

CVE-2015-3183

Related Vulnerabilities

WordPress Plugin WP-FaceThumb 'pagination_wp_facethumb' Parameter Cross-Site Scripting (0.1)

WordPress Plugin Product Catalog for WordPress Unspecified Vulnerability (1.4.5)

phpMyAdmin Other Vulnerability (CVE-2001-1060)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1106)

WordPress Plugin WP eCommerce Security Bypass (3.8.14.3)

Severity

Medium

Classification

CVE-2015-3183

Tags

Missing Update Known Vulnerabilities