CVE-2015-3183
CVE-2015-3183
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://httpd.apache.org/security/vulnerabilities_24.htmlhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00004.htmlhttp://lists.opensuse.org/opensuse-updates/2015-10/msg00011.htmlhttp://marc.info/?l=bugtraq&m=144493176821532&w=2http://rhn.redhat.com/errata/RHSA-2015-1666.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1667.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1668.htmlhttp://rhn.redhat.com/errata/RHSA-2015-2661.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0061.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0062.html