Apache – CVE-2015-3183

Description

Kayran has detected that an HTTP request smuggling attack against the chunked request parser is possible in the version of Apache HTTP Server being used.

CVE-2015-3183 is categorized as an ‘Improper Input Validation’ vulnerability (CWE-20).
These vulnerabilities occur when a product receives input or data but does not validate, or incorrectly validates, that the input has the properties required to process the data safely and correctly.

A bug was found in the chunked transfer coding implementation in the Apache HTTP Server being used.
Because chunk headers are not parsed properly, remote attackers could carry out HTTP request smuggling attacks using a crafted request.
An attacker could force the server to misinterpret the request’s length, which allows cache poisoning or credential hijacking when an intermediary proxy is being used.

There’s a chance that this vulnerability will allow attackers to modify system files and information.
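
The strict chunk-header parsing that this class of bug calls for, as an added example (not Apache's code or its patch): the function accepts only the RFC 7230 form of a chunk header and rejects everything else, so a server and a proxy in front of it cannot disagree about where a body ends. The names parse_chunk_header and MAX_CHUNK_LINE are assumptions, and the sample lines are constructed to show strictness, not to reproduce the CVE.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CHUNK_LINE 64 /* assumed cap on header length, not an Apache setting */

static int hexval(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse one chunk header: 1*HEXDIG [ ";" chunk-ext ] CRLF (RFC 7230, 4.1).
 * Returns bytes consumed including CRLF and stores the size in *size,
 * or -1 when the line is malformed, too long, or the size overflows. */
long parse_chunk_header(const char *buf, size_t len, uint64_t *size) {
    size_t i = 0;
    uint64_t n = 0;
    int v;
    /* Size: hex digits only. No sign, "0x" prefix or leading whitespace. */
    while (i < len && i <= MAX_CHUNK_LINE && (v = hexval((unsigned char)buf[i])) >= 0) {
        if (n > (UINT64_MAX >> 4)) return -1; /* next shift would overflow */
        n = (n << 4) | (uint64_t)v;
        i++;
    }
    if (i == 0) return -1;
    /* Optional extension: printable ASCII or HTAB only, up to the CR. */
    if (i < len && buf[i] == ';') {
        for (i++; i < len && buf[i] != '\r'; i++) {
            unsigned char c = (unsigned char)buf[i];
            if (i > MAX_CHUNK_LINE || (c != '\t' && (c < 0x20 || c > 0x7e))) return -1;
        }
    }
    /* Terminator must be exactly CRLF: bare LF and trailing junk are rejected. */
    if (i > MAX_CHUNK_LINE || i + 1 >= len || buf[i] != '\r' || buf[i + 1] != '\n') return -1;
    *size = n;
    return (long)(i + 2);
}

int main(void) {
    /* Constructed sample lines, not captured traffic. */
    const char *s[] = { "1a\r\n", "1A;name=val\r\n", "1a\n", "1a \r\n", "0x10\r\n" };
    for (size_t k = 0; k < sizeof s / sizeof *s; k++) {
        uint64_t sz = 0;
        long r = parse_chunk_header(s[k], strlen(s[k]), &sz);
        printf("line %zu: consumed=%ld size=%llu\n", k, r, (unsigned long long)sz);
    }
    return 0;
}
```

A caller should answer a -1 result with 400 Bad Request and close the connection instead of guessing at the body length.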

Recommendation

To fix CVE-2015-3183, upgrade the version of Apache HTTP Server being used to either 2.2.31 or 2.4.16.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183

https://cwe.mitre.org/data/definitions/20.html
