Description
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
Remediation
References
Related Vulnerabilities
WordPress Plugin MailUp newsletter sign-up form Security Bypass (1.3.2)
Oracle Database Server CVE-2013-3790 Vulnerability (CVE-2013-3790)
WebLogic CVE-2022-21258 Vulnerability (CVE-2022-21258)
Envoy Proxy Origin Validation Error Vulnerability (CVE-2020-15104)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-10086)