CVE-2015-3183

medium Apache
CVSS v3 Base Score
5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS Score
28.3%
Exploitation probability in 30 days
Top 3% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
None
Published: July 20, 2015 (3951 days ago)
Last Modified: May 6, 2026
Vendor: Apache
Source: NVD

Description

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

CWE

CWE-17

Affected Products

apache http server

References

🔗 httpd.apache.org 🔗 kb.juniper.net 🔗 lists.apple.com 🔗 lists.apple.com 🔗 lists.opensuse.org