Apache.HTTP.Server.Chunk.Size.Request.Smuggling
Description
This indicates detection of a HTTP Request Smuggling vulnerability in the Apache HTTP Server.
The vulnerability is due to improper chunk size parsing of HTTP requests. A remote attacker may be able to poison the web cache, bypass web application firewall protection, and conduct XSS on the affected application.
Affected Products
Apache HTTP Server before 2.4.14
Impact
Cross-site scripting
Cache poisoning
Session hijacking allowing attackers to gain access to user's data and perform operations.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://httpd.apache.org/security/vulnerabilities_24.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |