Apache – CVE-2015-3183

Description

Kayran has detected that an HTTP request smuggling attack against the chunked request parser is possible in the version of Apache HTTP Server being used.

CVE-2015-3183 is categorized as an ‘Improper Input Validation’ vulnerability (CWE-20).
These vulnerabilities occur when the product receives input or data but does not validate, or incorrectly validates, that the input has the properties required to process the data safely and correctly.

A bug was found in the chunked transfer coding implementation of the Apache HTTP Server being used.
Because chunk headers are not parsed properly, remote attackers could initiate HTTP request smuggling attacks using a crafted request.
An attacker could force the server to misinterpret the request’s length, which makes cache poisoning or credential hijacking possible when an intermediary proxy is being used.
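
The page does not describe the exact parsing flaw, so the following is an added illustration (not Apache httpd source code) of the kind of strict chunk-header validation that keeps a server and an intermediary proxy in agreement on where a chunked request ends. The function names and sample inputs are hypothetical, and the sketch assumes a body with no trailer fields.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration (not Apache httpd source): a strict chunked-body walker. */
static int hexval(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse "HEXDIG+ [;ext] CRLF" at buf[*pos]; 0 on success, -1 on anything else. */
static int parse_chunk_size(const char *buf, size_t len, size_t *pos, size_t *size) {
    size_t i = *pos, n = 0, digits = 0;
    int v;
    while (i < len && (v = hexval((unsigned char)buf[i])) >= 0) {
        if (n > (SIZE_MAX >> 4)) return -1;        /* size would overflow */
        n = (n << 4) | (size_t)v;
        digits++; i++;
    }
    if (digits == 0) return -1;                    /* sign, whitespace, empty line */
    if (i < len && buf[i] == ';')                  /* skip a chunk extension */
        while (i < len && buf[i] != '\r' && buf[i] != '\n') i++;
    if (i + 1 >= len || buf[i] != '\r' || buf[i + 1] != '\n') return -1;
    *pos = i + 2; *size = n;
    return 0;
}

/* Bytes occupied by the chunked body in buf, or -1 if malformed or incomplete. */
long chunked_body_end(const char *buf, size_t len) {
    size_t pos = 0, size;
    for (;;) {
        if (parse_chunk_size(buf, len, &pos, &size) != 0) return -1;
        if (size == 0) break;                      /* last-chunk */
        if (size > len - pos || len - pos - size < 2) return -1;
        pos += size;
        if (buf[pos] != '\r' || buf[pos + 1] != '\n') return -1;
        pos += 2;
    }
    /* Assumption of this sketch: no trailer fields, only the closing CRLF. */
    if (len - pos < 2 || buf[pos] != '\r' || buf[pos + 1] != '\n') return -1;
    return (long)(pos + 2);
}

int main(void) {
    const char ok[] = "4\r\nWiki\r\n0\r\n\r\n";   /* constructed sample */
    const char bad[] = "4 \r\nWiki\r\n0\r\n\r\n"; /* constructed: junk after size */
    printf("%ld %ld\n", chunked_body_end(ok, sizeof ok - 1),
           chunked_body_end(bad, sizeof bad - 1));
    return 0;
}
```

Rejecting a malformed chunk header outright, rather than guessing a length from it, is what prevents two HTTP parsers on the same connection from disagreeing about the request boundary.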

There’s a chance that this vulnerability will allow attackers to modify system files and information.

Recommendation

To fix CVE-2015-3183, upgrade the version of Apache HTTP Server being used to either 2.2.31 or 2.4.16.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183

https://cwe.mitre.org/data/definitions/20.html
