CVE-2015-3183

httpd: HTTP request smuggling attack against chunked request parser

Severity Score

3.7

*CVSS v3

Exploit Likelihood

37.4%

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

Vulnerabilidad en la implementación de la codificación de transferencia fragmentada en el Servidor HTTP Apache en versiones anteriores a la 2.4.14 no analiza adecuadamente los fragmentos de las cabeceras lo cual permite a atacantes remotos efectuar ataques de infiltración de solicitudes HTTP a través de peticiones manipuladas, relacionada con el mal manejo de los valores fragmentados de gran tamaño y extensiones fragmentadas no válidas en modules/http/http_filters.c.

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.

Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other impacts including: The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Apache does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters. Revision 1 of this advisory.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-04-10 CVE Reserved
2015-07-20 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-17: DEPRECATED: Code
CWE-20: Improper Input Validation
CWE-172: Encoding Error

CAPEC

References (55)

URL	Tag	Source
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Mailing List
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html	Third Party Advisory
http://www.securityfocus.com/bid/75963	Third Party Advisory
http://www.securityfocus.com/bid/91787	Third Party Advisory
http://www.securitytracker.com/id/1032967	Third Party Advisory
https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6	Third Party Advisory
https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789	Third Party Advisory

1 - 10 of 31

URL	Date	SRC

URL	Date	SRC
http://www.oracle.com/technetwork/security-advisory/cpujul2...	2023-12-14
http://www.oracle.com/technetwork/topics/security/cpujan201...	2023-12-14

1 - 2 of 2

URL	Date	SRC
http://httpd.apache.org/security/vulnerabilities_24.html	2023-12-14
http://lists.apple.com/archives/security-announce/2015/Aug...	2023-12-14
http://lists.apple.com/archives/security-announce/2015/Sep...	2023-12-14
http://lists.opensuse.org/opensuse-updates/2015-10/msg0001...	2023-12-14
http://marc.info/?l=bugtraq&m=144493176821532&w=2	2023-12-14
http://rhn.redhat.com/errata/RHSA-2015-1666.html	2023-12-14
http://rhn.redhat.com/errata/RHSA-2015-1667.html	2023-12-14
http://rhn.redhat.com/errata/RHSA-2015-1668.html	2023-12-14
http://rhn.redhat.com/errata/RHSA-2015-2661.html	2023-12-14
http://rhn.redhat.com/errata/RHSA-2016-0061.html	2023-12-14

1 - 10 of 22

Affected Vendors, Products, and Versions (2)

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				>= 2.2.0 < 2.2.31 Search vendor "Apache" for product "Http Server" and version " >= 2.2.0 < 2.2.31"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				>= 2.4.0 < 2.4.16 Search vendor "Apache" for product "Http Server" and version " >= 2.4.0 < 2.4.16"		-		Affected

1 - 2 of 2