Lucene search

K
cveRedhatCVE-2015-3183
HistoryJul 20, 2015 - 11:59 p.m.

CVE-2015-3183

2015-07-2023:59:02
CWE-20
CWE-17
redhat
web.nvd.nist.gov
510
cve-2015-3183
apache http server
http request smuggling
security vulnerability
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.062

Percentile

93.6%

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

Affected configurations

Nvd
Node
apachehttp_serverRange2.2.02.2.31
OR
apachehttp_serverRange2.4.02.4.16
VendorProductVersionCPE
apachehttp_server*cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

References

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.062

Percentile

93.6%