Description
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Hardening-Fix Your WordPress Security Cross-Site Scripting (1.2.1)
WordPress 5.1.x Prototype Pollution (5.1 - 5.1.12)
WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (5.2.2)
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1607)