DSA-3325-1 apache2 -- security update
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | July 20, 2015 | August 04, 2015 | July 04, 2017 |
Description
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
References
Solution
debian-upgrade-apache2
Related Vulnerabilities
- FreeBSD: apache22 -- chunk header parsing defect (CVE-2015-3183)
- Alpine Linux: CVE-2015-3185: apache2 several vulnerabilities
- ELSA-2015-1668 Moderate: Oracle Linux httpd security update
- RHSA-2015:1668: httpd security update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- USN-2686-1: Apache HTTP Server vulnerabilities
- Amazon Linux AMI: Security patch for httpd24 (ALAS-2015-579) (multiple CVEs)
- ELSA-2015-1666 Moderate: Oracle Linux Software Collections 1.2 for Oracle Linux httpd24-httpd security update
- RHSA-2015:1666: httpd24-httpd security update
- ELSA-2015-1667 Moderate: Oracle Linux httpd security update
- FreeBSD: apache24 -- multiple vulnerabilities (Multiple CVEs)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 4
- Apache HTTPD: ap_some_auth_required API unusable (CVE-2015-3185)
- Alpine Linux: CVE-2015-3183: apache2 several vulnerabilities
- Oracle Solaris 11: CVE-2015-3185: Vulnerability in Apache HTTP server
- Gentoo Linux: CVE-2015-3183: Apache: Multiple vulnerabilities
- OS X update for apache (CVE-2015-3183)
- HP-UX: CVE-2015-3183: Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
- Apache HTTPD: HTTP request smuggling attack against chunked request parser (CVE-2015-3183)
- RHSA-2015:1667: httpd security update
- OS X update for apache (CVE-2015-3185)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 6
- Amazon Linux AMI: Security patch for httpd (ALAS-2015-578) (CVE-2015-3183)
- Oracle Solaris 11: CVE-2015-3183: Vulnerability in Apache HTTP server