CVE-2015-3183
EPSS 24.1%apache2 - security update
發布日:2015/7/20修改日:2026/4/28
描述
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
受影響套件(3)
- Debian/apache2from 0, < 2.4.16-1
- Debian/apache2from 0, < 2.2.16-6+squeeze15
- Debian/apache2from 0, < 2.2.22-13+deb7u5