CVE-2015-3183

Description

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

Risk Information

Base Score: 6.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score (Exploitation Probability): 28.343

Associated Vulnerability

Vulnerability | OS Platform
Update Apache to version 2.4.16 | Windows
Update Apache to version 2.2.29 | Windows
Vulnerabilities CVE-2015-3183 are fixed in Apache 2.2.31 | Windows
Multiple vulnerabilities are fixed in IBM HTTP 8.5.5.7 | Windows
Multiple vulnerabilities are fixed in IBM HTTP 7.0.0.37 | Windows
Multiple vulnerabilities are fixed in IBM HTTP 8.0.0.12 | Windows
Multiple vulnerabilities are fixed in IBM HTTP 8.0.0.11 | Windows
Multiple vulnerabilities are fixed in IBM HTTP 6.1.0.47 | Windows
Multiple vulnerabilities are fixed in IBM HTTP 7.0.0.39 | Windows
Vulnerabilities CVE-2015-3183, CVE-2015-2808, CVE-2015-0138 are fixed in IBM HTTP 8.5.5.6 | Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.23 | Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.30 | Windows
Multiple vulnerabilities are fixed in OS X Yosemite 10.10.5 Update | Mac
Multiple vulnerabilities are fixed in OS X Yosemite 10.10.5 Combo Update | Mac
Apache HTTP server (USN-2686-1) apache2.2-bin_2.4.10-9ubuntu1.1_i386.deb | Linux
Apache HTTP server (USN-2686-1) apache2.2-bin_2.4.10-9ubuntu1.1_amd64.deb | Linux
Apache HTTP server (USN-2686-1) apache2.2-bin_2.2.22-1ubuntu1.10_i386.deb | Linux
Apache HTTP server (USN-2686-1) apache2.2-bin_2.2.22-1ubuntu1.10_amd64.deb | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-debuginfo-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-debugsource-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-doc-2.4.10-14.10.1.noarch.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-example-pages-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-mod_auth_kerb-5.4-2.4.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-mod_auth_kerb-debuginfo-5.4-2.4.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-mod_auth_kerb-debugsource-5.4-2.4.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-mod_jk-1.2.40-2.6.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-mod_jk-debuginfo-1.2.40-2.6.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-mod_jk-debugsource-1.2.40-2.6.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-mod_security2-2.8.0-3.4.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-mod_security2-debuginfo-2.8.0-3.4.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-mod_security2-debugsource-2.8.0-3.4.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-prefork-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-prefork-debuginfo-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-utils-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-utils-debuginfo-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-worker-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-worker-debuginfo-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1885-2 (SUSE Linux Enterprise Server 11-SP3) apache2-2.2.12-59.1.x86_64.rpm | Linux
SUSE-SU-2015:1885-2 (SUSE Linux Enterprise Server 11-SP3) apache2-doc-2.2.12-59.1.x86_64.rpm | Linux
SUSE-SU-2015:1885-2 (SUSE Linux Enterprise Server 11-SP3) apache2-example-pages-2.2.12-59.1.x86_64.rpm | Linux
SUSE-SU-2015:1885-2 (SUSE Linux Enterprise Server 11-SP3) apache2-prefork-2.2.12-59.1.x86_64.rpm | Linux
SUSE-SU-2015:1885-2 (SUSE Linux Enterprise Server 11-SP3) apache2-utils-2.2.12-59.1.x86_64.rpm | Linux
SUSE-SU-2015:1885-2 (SUSE Linux Enterprise Server 11-SP3) apache2-worker-2.2.12-59.1.x86_64.rpm | Linux
Httpd24-httpd update (ELSA-2015-1666) httpd24-httpd-2.4.12-6.0.1.el7.1.x86_64.rpm | Linux
Httpd24-httpd-devel update (ELSA-2015-1666) httpd24-httpd-devel-2.4.12-6.0.1.el7.1.x86_64.rpm | Linux
Httpd24-httpd-tools update (ELSA-2015-1666) httpd24-httpd-tools-2.4.12-6.0.1.el7.1.x86_64.rpm | Linux
Httpd24-mod_ldap update (ELSA-2015-1666) httpd24-mod_ldap-2.4.12-6.0.1.el7.1.x86_64.rpm | Linux
Httpd24-mod_proxy_html update (ELSA-2015-1666) httpd24-mod_proxy_html-2.4.12-6.0.1.el7.1.x86_64.rpm | Linux
Httpd24-mod_session update (ELSA-2015-1666) httpd24-mod_session-2.4.12-6.0.1.el7.1.x86_64.rpm | Linux
Httpd24-mod_ssl update (ELSA-2015-1666) httpd24-mod_ssl-2.4.12-6.0.1.el7.1.x86_64.rpm | Linux
Httpd24-httpd-manual update (ELSA-2015-1666) httpd24-httpd-manual-2.4.12-6.0.1.el7.1.noarch.rpm | Linux
Update Apache to version 2.4.16 (For Linux) | Linux
Update Apache to version 2.2.29 (For Linux) | Linux
Improper Input Validation Vulnerability (CVE-2015-3183) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-600354 | OS X Yosemite 10.10.5 Update
PATCH-600458 | OS X Yosemite 10.10.5 Combo Update
