Apache HTTP Server Chunked Transfer Coding Vulnerability

Apache HTTP Server Chunked Transfer Coding Vulnerability

CVE-2015-3183 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

Learn more about our Cis Benchmark Audit For Apache Http Server.