DEBIAN-CVE-2015-3183

DEBIAN-CVE-2015-3183 PUBLISHED

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

Affected Products

Vendor	Product	Versions
Debian:13	apache2	0, 0, 0
Debian:11	apache2	0, 0, 0
Debian:12	apache2	0, 0, 0
Debian:14	apache2	0, 0, 0

Timeline

Jul 20, 2015 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2015-3183 advisory

Open in Interactive Console →