KLA10640
Multiple vulnerabilities in Apache HTTP Server

Updated: 05/22/2020
Detect date: 07/21/2015
Severity: Warning
Description

Multiple serious vulnerabilities have been found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause a denial of service.

Below is a complete list of vulnerabilities:

  1. A stack recursion crash in the lua_websocket_read function in the lua_request.c file of the mod_lua module can lead to a denial of service via a specially crafted PING request.
  2. The read_request_line function in the server/protocol.c file doesn’t properly initialize the protocol structure member, which can lead to a denial of service via a specially crafted request.
  3. The chunked transfer coding implementation parses chunk headers improperly, which can lead to an HTTP request smuggling attack via a specially crafted request.
  4. The ap_some_auth_required function in the server/request.c file has a design error which renders the API unusable.
Affected products

Apache httpd 2.4 versions 2.4.14 and earlier

Solution

Update to the latest version

Original advisories

Apache changelog

Impacts
DoS
Related products
Apache HTTP Server
CVE-IDS
CVE-2015-0228  5.0  Critical
CVE-2015-0253  5.0  Critical
CVE-2015-3183  5.0  Critical
CVE-2015-3185  4.3  Warning