VDB
GCVE-110-MAGEIA-2015-281
GCVE-110-MAGEIA-2015-281
Advisory Published
The chunked transfer coding implementation in the Apache HTTP Server
before 2.4.14 does not properly parse chunk headers, which allows remote
attackers to conduct HTTP request smuggling attacks via a crafted request,
related to mishandling of large chunk-size values and invalid
chunk-extension characters in modules/http/http_filters.c (CVE-2015-3183).
The ap_some_auth_required function in server/request.c in the Apache HTTP
Server 2.4.x before 2.4.14 does not consider that a Require directive may
be associated with an authorization setting rather than an authentication
setting, which allows remote attackers to bypass intended access
restrictions in opportunistic circumstances by leveraging the presence of
a module that relies on the 2.2 API behavior (CVE-2015-3185).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | apache | 0 (affected), 2.4.7-5.7.mga4 (unaffected) | — |
| Mageia | apache | 0 (affected), 2.4.10-16.3.mga5 (unaffected) | — |
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.