HTTP request smuggling attack vulnerabilities in Apache HTTP Server via a crafted requestID: oval:org.secpod.oval:def:26138 | Date: (C)2015-08-24 (M)2023-12-22 |
Class: VULNERABILITY | Family: windows |
The host is installed with Apache HTTP Server 2.2.x or 2.4.x before 2.4.14 and is prone to HTTP request smuggling attack vulnerabilities. The flaws are present in the chunked transfer coding implementation, which does not properly parse chunk headers. Successful exploitation will allow remote attackers to conduct HTTP request smuggling attacks, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
Platform: |
Microsoft Windows Server 2022 |
Microsoft Windows 11 |
Microsoft Windows Server 2019 |
Microsoft Windows 10 |
Microsoft Windows 7 |
Microsoft Windows 8 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Vista |
Microsoft Windows XP |
Product: |
Apache HTTP Server |