The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Http_server | Apache | 2.2.0 (including) | 2.2.31 (excluding) |
Http_server | Apache | 2.4.0 (including) | 2.4.16 (excluding) |