CVE-2015-3183

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.14

Description The issue is related to the improper parsing of chunk headers in the chunked transfer coding implementation, allowing remote attackers to conduct HTTP request smuggling attacks via a crafted request. This is due to the mishandling of large chunk-size values and invalid chunk-extension characters in the modules/http/http filters.c module. A malicious client could force the server to misinterpret the request length, potentially allowing cache poisoning or credential hijacking if an intermediary proxy is in use.

Recommendations For Apache HTTP Server versions prior to 2.4.14, update to version 2.4.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable module modules/http/http filters.c to minimize the risk of exploitation. Avoid using the chunked transfer coding implementation until the issue is resolved.