CVE-2015-1130 — Vulnetix

Try Vulnetix Request Demo

CVE-2015-1130 PUBLISHED KEV CVSS 7.199999809265137 HIGH

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

EPSS 21.06% · 95.6th percentile

Risk Scores

CVSS v2.0

7.199999809265137

EPSS Score

21.06%

95.6th percentile

Affected Products

Vendor	Product	Versions
apple	mac_os_x	0, 0, 0
n/a	n/a	n/a, n/a

Timeline

Jan 17, 1970 VulnCheck XDB Entry
Jan 17, 1970 VulnCheck XDB Entry
Apr 9, 2015 CVE Published
Apr 9, 2015 PoC Published
Apr 12, 2015 PoC Published
May 29, 2018 PoC Published
Feb 4, 2022 EPSS Score
Feb 10, 2022 CISA KEV Added
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score

References

120418 vdb
https://support.apple.com/HT204659 url
73982 vdb
36692 exploit
1032048 vdb
APPLE-SA-2015-04-08-2 vendor-advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1130 url
https://nvd.nist.gov/vuln/detail/CVE-2015-1130 advisory
https://www.exploit-db.com/exploits/36692 url
HPSBUX03512 vendor-advisory
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html url
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES url
GLSA-201504-03 vendor-advisory
RHSA-2015:1249 vendor-advisory
RHSA-2016:0061 vendor-advisory
RHSA-2015:0325 vendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html url
MDVSA-2014:174 vendor-advisory
USN-2523-1 vendor-advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html url

…and 34 more

Open in Interactive Console →