Wizeman02 edited this page Dec 16, 2016 · 8 revisions

Vulnerability Summary

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

Announced

# Patch

A patch version was committed to GitHub by Yann and Ylavic.

## Git fix hashes

  • e427c41257957b57036d5a549b260b6185d1dd73

## Additional

Yann Ylavic (ylavic@apache.org) and Graham Leggett. Yann joined the Apache team on Feb 17, 2014. Leggett has been a member of the Apache Software Foundation and has been contributing to the project since 1999. He has a degree in electrical engineering. He is currently a consultant in security and software engineering.

## CVE-2015-3183: Researched by Joshua James

#### Commits

###### Fix

  • Github - Hash
  • Number: e427c41257957b57036d5a549b260b6185d1dd73
  • Date: June 9, 2015

###### Introduction

  • Github - Hash
  • Number: 64c435c46f94eb409e4a245408cd870defe5947f
  • Date: May 21, 2013

#### Authors

###### Fixer

###### Discovered

  • regilero
  • Regis Leroy
  • DevOp @ Makina Corpus
  • No bounty apparent

###### Introduced

  • minfrin
  • Graham Leggett

#### Mistake

The original code did not properly parse chunked requests through the system.

#### Description

Cache poisoning and credential hijacking are possible because there was a bug in the parsing method of chunked requests. Malicious clients could force a misinterpretation of the request length by the server.

#### Tested

No

#### Exploits

None found

This was fixed in patch 2.4.24
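The summary and description above name two parsing failures: oversized chunk-size values and invalid characters in the chunk extension. The following strict chunk header parser is an added example showing the checks that close both; it is not Apache's code and not the referenced fix commit. The function name, result codes and the `MAX_CHUNK_SIZE` limit are assumptions made for illustration, and the parser is deliberately stricter than a production server needs to be (for example, it allows no whitespace after the size).

```c
#include <stddef.h>
#include <stdint.h>

/* Illustrative result codes and size limit: assumptions of this example. */
enum { CHUNK_OK = 0, CHUNK_EMPTY = -1, CHUNK_BAD_CHAR = -2,
       CHUNK_TOO_LARGE = -3, CHUNK_BAD_EXT = -4 };
#define MAX_CHUNK_SIZE ((uint64_t)1 << 31)

static int hex_value(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse one chunk header line (CRLF already stripped): HEXDIGITS[;extension].
 * Anything ambiguous is rejected rather than guessed at. */
int parse_chunk_header(const char *line, size_t len, uint64_t *size_out)
{
    uint64_t size = 0;
    size_t i = 0;
    /* chunk-size: check the bound before each shift so an oversized value
     * can never wrap around to a small one. */
    for (; i < len; i++) {
        int v = hex_value((unsigned char)line[i]);
        if (v < 0) break;
        if (size > ((MAX_CHUNK_SIZE - (uint64_t)v) >> 4)) return CHUNK_TOO_LARGE;
        size = (size << 4) | (uint64_t)v;
    }
    if (i == 0) return len == 0 ? CHUNK_EMPTY : CHUNK_BAD_CHAR;
    /* Only ';' may follow the digits. */
    if (i < len && line[i] != ';') return CHUNK_BAD_CHAR;
    /* chunk-extension: printable ASCII, space or tab only, so no CR, LF,
     * NUL or other control byte can hide inside the header line. */
    for (i++; i < len; i++) {
        unsigned char c = (unsigned char)line[i];
        if (c != '\t' && (c < 0x20 || c > 0x7e)) return CHUNK_BAD_EXT;
    }
    *size_out = size;
    return CHUNK_OK;
}

int main(void)
{
    uint64_t n = 0; /* constructed inputs: one valid header, one oversized size */
    if (parse_chunk_header("1a;k=v", 6, &n) != CHUNK_OK || n != 26) return 1;
    return parse_chunk_header("fffffffffffffffff", 17, &n) == CHUNK_TOO_LARGE ? 0 : 1;
}
```

A front-end and a back-end that both reject such lines outright cannot disagree about where the request body ends, which is the disagreement request smuggling depends on.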
