CVE-2015-3183

EPSS 24.1%

apache2 - security update

Published: 7/20/2015Modified: 4/28/2026

Description

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

Affected packages (3)

Debian/apache2from 0, < 2.4.16-1
Debian/apache2from 0, < 2.2.16-6+squeeze15
Debian/apache2from 0, < 2.2.22-13+deb7u5

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3183