CVE-2015-3183

httpd: HTTP request smuggling attack against chunked request parser

Severity Score

3.7

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

Vulnerabilidad en la implementación de la codificación de transferencia fragmentada en el Servidor HTTP Apache en versiones anteriores a la 2.4.14 no analiza adecuadamente los fragmentos de las cabeceras lo cual permite a atacantes remotos efectuar ataques de infiltración de solicitudes HTTP a través de peticiones manipuladas, relacionada con el mal manejo de los valores fragmentados de gran tamaño y extensiones fragmentadas no válidas en modules/http/http_filters.c.

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-04-10 CVE Reserved
2015-07-20 CVE Published
2024-05-09 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-17: DEPRECATED: Code
CWE-20: Improper Input Validation
CWE-172: Encoding Error

CAPEC

References (55)

URL	Tag	Source
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Mailing List
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html	Third Party Advisory
http://www.securityfocus.com/bid/75963	Third Party Advisory
http://www.securityfocus.com/bid/91787	Third Party Advisory
http://www.securitytracker.com/id/1032967	Third Party Advisory
https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6	Third Party Advisory
https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789	Third Party Advisory
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://puppet.com/security/cve/CVE-2015-3183	Third Party Advisory
https://support.apple.com/HT205219	Third Party Advisory
https://support.apple.com/kb/HT205031	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	2023-12-14
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	2023-12-14

URL	Date	SRC
http://httpd.apache.org/security/vulnerabilities_24.html	2023-12-14
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html	2023-12-14
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html	2023-12-14
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html	2023-12-14
http://marc.info/?l=bugtraq&m=144493176821532&w=2	2023-12-14
http://rhn.redhat.com/errata/RHSA-2015-1666.html	2023-12-14
http://rhn.redhat.com/errata/RHSA-2015-1667.html	2023-12-14
http://rhn.redhat.com/errata/RHSA-2015-1668.html	2023-12-14
http://rhn.redhat.com/errata/RHSA-2015-2661.html	2023-12-14
http://rhn.redhat.com/errata/RHSA-2016-0061.html	2023-12-14
http://rhn.redhat.com/errata/RHSA-2016-0062.html	2023-12-14
http://rhn.redhat.com/errata/RHSA-2016-2054.html	2023-12-14
http://rhn.redhat.com/errata/RHSA-2016-2055.html	2023-12-14
http://rhn.redhat.com/errata/RHSA-2016-2056.html	2023-12-14
http://www.apache.org/dist/httpd/CHANGES_2.4	2023-12-14
http://www.debian.org/security/2015/dsa-3325	2023-12-14
http://www.ubuntu.com/usn/USN-2686-1	2023-12-14
https://access.redhat.com/errata/RHSA-2015:2659	2023-12-14
https://access.redhat.com/errata/RHSA-2015:2660	2023-12-14
https://security.gentoo.org/glsa/201610-02	2023-12-14
https://access.redhat.com/security/cve/CVE-2015-3183	2016-10-12
https://bugzilla.redhat.com/show_bug.cgi?id=1243887	2016-10-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				>= 2.2.0 < 2.2.31 Search vendor "Apache" for product "Http Server" and version " >= 2.2.0 < 2.2.31"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				>= 2.4.0 < 2.4.16 Search vendor "Apache" for product "Http Server" and version " >= 2.4.0 < 2.4.16"		-		Affected