CVE-2015-3183 · threatengine.sh

Home/CVE/The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers

CVE

CVE-2015-3183

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

MEDIUM · CVSS 5 EPSS 0.24118

Schedule remediation

EPSS ≥ 0.10 - elevated exploitation probability
EPSS percentile: top 4% of all CVEs by exploitation likelihood

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-20Improper Input Validation

▤

Affected Products & Versions

2

apache http server>= 2.2.0 and < 2.2.31

apache http server>= 2.4.0 and < 2.4.16

▣

Scoring & Timeline

5

MEDIUM · CVSS v2 (legacy) · secalert@redhat.com

View on NVD

This CVE predates CVSS v3; the legacy v2 score is shown so triage still has a severity to work with.

v2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Published to NVD20 Jul 2015 · 11:59 PM

⚑

Vendor Advisories

15

rhsaRHSA-2016:2056Low
rhsaRHSA-2016:2055Low
rhsaRHSA-2016:2054Low
rhsaRHSA-2015:2660Low
rhsaRHSA-2015:2661Low
Show all 15 vendor advisoriesrhsaRHSA-2015:2659Low
suse-csafSUSE-SU-2015:1851-1
suse-csafSUSE-SU-2015:1885-1
suse-csafSUSE-SU-2015:1885-2
usnUSN-2686-1
rhsaRHSA-2015:1668Moderate
rhsaRHSA-2015:1667Moderate
rhsaRHSA-2016:0061Moderate
rhsaRHSA-2015:1666Moderate
rhsaRHSA-2016:0062Moderate

🔗

References & Sources

51

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://httpd.apache.org/security/vulnerabilities_24.htmlVendor Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735Third Party Advisory

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlMailing List

http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.htmlMailing List

http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.htmlThird Party Advisory

http://marc.info/?l=bugtraq&m=144493176821532&w=2Mailing ListThird Party AdvisoryVDB Entry

Show all 51 references

http://rhn.redhat.com/errata/RHSA-2015-1666.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1667.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1668.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-2661.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-0061.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-0062.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2054.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2055.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2056.htmlThird Party Advisory

http://www.apache.org/dist/httpd/CHANGES_2.4Vendor Advisory

http://www.debian.org/security/2015/dsa-3325Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlPatch

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlMailing ListThird Party Advisory

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlPatchThird Party Advisory

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/75963Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/91787Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1032967Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2686-1Third Party Advisory

https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6Third Party Advisory

https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789Third Party AdvisoryVDB Entry

https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3EThird Party Advisory

https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3EThird Party Advisory

https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3EThird Party Advisory

https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3EThird Party Advisory

https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3EThird Party Advisory

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3EThird Party Advisory

https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3EThird Party Advisory

https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3EThird Party Advisory

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3EThird Party Advisory

https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3EThird Party Advisory

https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3EThird Party Advisory

https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3EThird Party Advisory

https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3EThird Party Advisory

https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3EThird Party Advisory

https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3EThird Party Advisory

https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3EThird Party Advisory

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3EThird Party Advisory

https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3EThird Party Advisory

https://puppet.com/security/cve/CVE-2015-3183Third Party Advisory

https://security.gentoo.org/glsa/201610-02Third Party Advisory

https://support.apple.com/HT205219Third Party AdvisoryVDB Entry

https://support.apple.com/kb/HT205031Third Party AdvisoryVDB Entry

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin