{"id":"MGASA-2015-0281","summary":"Updated apache package fixes security vulnerabilities","details":"The chunked transfer coding implementation in the Apache HTTP Server\nbefore 2.4.14 does not properly parse chunk headers, which allows remote\nattackers to conduct HTTP request smuggling attacks via a crafted request,\nrelated to  mishandling of large chunk-size values and invalid\nchunk-extension characters in modules/http/http_filters.c (CVE-2015-3183).\n\nThe ap_some_auth_required function in server/request.c in the Apache HTTP\nServer 2.4.x before 2.4.14 does not consider that a Require directive may\nbe associated with an authorization setting rather than an authentication\nsetting, which allows remote attackers to bypass intended access\nrestrictions in opportunistic circumstances by leveraging the presence of\na module that relies on the 2.2 API behavior (CVE-2015-3185).\n","modified":"2026-04-16T01:46:41.975880206Z","published":"2015-07-27T09:53:07Z","upstream":["CVE-2015-3183","CVE-2015-3185"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0281.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=16403"},{"type":"WEB","url":"http://www.apache.org/dist/httpd/Announcement2.4.html"}],"affected":[{"package":{"name":"apache","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/apache?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.7-5.7.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0281.json"}},{"package":{"name":"apache","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/apache?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.10-16.3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0281.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}