FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

apache22 -- chunk header parsing defect

Affected packages
apache22 <= 2.2.29_5
apache22-event-mpm <= 2.2.29_5
apache22-itk-mpm <= 2.2.29_5
apache22-peruser-mpm <= 2.2.29_5
apache22-worker-mpm <= 2.2.29_5


VuXML ID 29083f8e-2ca8-11e5-86ff-14dae9d210b8
Discovery 2015-06-24
Entry 2015-07-17

Apache Foundation reports:

CVE-2015-3183 core: Fix chunk header parsing defect. Remove apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters.


CVE Name CVE-2015-3183