KLA10640
Multiple vulnerabilities in Apache HTTP Server
Updated: 06/01/2019
Detect date
?
07/21/2015
Severity
?
Warning
Description

Multiple serious vulnerabilities have been found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause a denial of service.

Below is a complete list of vulnerabilities

  1. Stack recursion crash in the mod_lua module in the lua_request.c file in lua_websocket_read function can lead to cause a denial of service via specially crafted PING request.
  2. The read_request_line function in server/protocol.c file doesn’t properly initialize the protocol structure member which can lead to cause a denial of service via specially crafted request.
  3. The chunked transfer coding implementation parse chunk headers improperly which can lead to HTTP Request Smuggling Attack via a specially crafted request
  4. The ap_some_auth_required function in server/request.c file has design error which renders the API unusuable.
Affected products

Apache httpd 2.4 versions 2.4.14 and earlier

Solution

Update to the latest version

Original advisories

Apache changelog

Impacts
?
DoS 
[?]
Related products
Apache HTTP Server
CVE-IDS
?
CVE-2015-02285.0Critical
CVE-2015-02535.0Critical
CVE-2015-31835.0Critical
CVE-2015-31854.3Warning