CVE-2015-3183

Name: CVE-2015-3183
Creator: NVD / NIST
Published: 2015-07-20T23:59:02.877+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 73.33%

Last modified Jun 17, 2026

CVE-2015-3183 is a vulnerability of currently unknown severity. The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.. EPSS estimates a 73.33% chance of exploitation in the next 30 days.

Description

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

Metrics

EPSS Probability

73.33%

99.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Apache	Http Server	>= 2.2.0, < 2.2.31
Apache	Http Server	>= 2.4.0, < 2.4.16

References

http://httpd.apache.org/security/vulnerabilities_24.htmlVendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlMailing List
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.htmlMailing List
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.htmlThird Party Advisory
http://marc.info/?l=bugtraq&m=144493176821532&w=2Mailing List, Third Party Advisory, VDB Entry
http://rhn.redhat.com/errata/RHSA-2015-1666.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1667.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1668.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2661.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0061.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0062.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2054.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2055.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2056.htmlThird Party Advisory
http://www.apache.org/dist/httpd/CHANGES_2.4Vendor Advisory
http://www.debian.org/security/2015/dsa-3325Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlPatch
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlMailing List, Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlPatch, Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/75963Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/91787Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1032967Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-2686-1Third Party Advisory
https://access.redhat.com/errata/RHSA-2015:2659Third Party Advisory
https://access.redhat.com/errata/RHSA-2015:2660Third Party Advisory
https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6Third Party Advisory
https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789Third Party Advisory, VDB Entry
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://puppet.com/security/cve/CVE-2015-3183Third Party Advisory
https://security.gentoo.org/glsa/201610-02Third Party Advisory
https://support.apple.com/HT205219Third Party Advisory, VDB Entry
https://support.apple.com/kb/HT205031Third Party Advisory, VDB Entry
http://httpd.apache.org/security/vulnerabilities_24.htmlVendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlMailing List
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.htmlMailing List
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.htmlThird Party Advisory
http://marc.info/?l=bugtraq&m=144493176821532&w=2Mailing List, Third Party Advisory, VDB Entry
http://rhn.redhat.com/errata/RHSA-2015-1666.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1667.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1668.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2661.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0061.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0062.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2054.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2055.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2056.htmlThird Party Advisory
http://www.apache.org/dist/httpd/CHANGES_2.4Vendor Advisory
http://www.debian.org/security/2015/dsa-3325Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlPatch
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlMailing List, Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlPatch, Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/75963Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/91787Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1032967Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-2686-1Third Party Advisory
https://access.redhat.com/errata/RHSA-2015:2659Third Party Advisory
https://access.redhat.com/errata/RHSA-2015:2660Third Party Advisory
https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6Third Party Advisory
https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789Third Party Advisory, VDB Entry
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3EThird Party Advisory
https://puppet.com/security/cve/CVE-2015-3183Third Party Advisory
https://security.gentoo.org/glsa/201610-02Third Party Advisory
https://support.apple.com/HT205219Third Party Advisory, VDB Entry
https://support.apple.com/kb/HT205031Third Party Advisory, VDB Entry

Timeline

Published: Jul 20, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-3183?

How severe is CVE-2015-3183?

Severity scoring for CVE-2015-3183 is pending analysis. The EPSS model estimates a 73.33% probability of exploitation in the next 30 days.

How do I fix CVE-2015-3183?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-3183?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST