Description
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
Remediation
References
Related Vulnerabilities
WordPress Plugin Check & Log Email Cross-Site Scripting (1.0.3)
Atlassian Jira Missing Authorization Vulnerability (CVE-2020-14185)
Java Denial of Service (DoS) Vulnerability (CVE-2018-2952)
WordPress Plugin Resume Submissions & Job Postings Arbitrary File Upload (2.5.3)
Oracle HTTP Server CVE-2020-2530 Vulnerability (CVE-2020-2530)