
During the latest app scan in my project, CVE-2015-3183 has popped up. I have looked everywhere on the net for a solution. The solution is simple: update your Apache.

The problem is we cannot update our Apache for the next 3 to 4 months as it requires lots of permissions in my company. The next app scan (PCI DSS) is due in 2 weeks and we need to pass it.

Please suggest any way in which I can solve this - HTTP request smuggling attack against chunked request parser (CVE-2015-3183) - without updating my Apache.

One of the answers that I got on the Red Hat site is simple:

RewriteEngine on 
RewriteCond %{HTTP:Transfer-Encoding} ^chunked$ 
RewriteRule .* - [R=400]

Link to above solution

If the above solution is correct, how can I be sure that my development team is not making any chunked requests? Or is any other solution available?
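One way to answer the "is anyone sending chunked requests?" question before turning the rule on, as an added example that is not part of the original post: log the request's Transfer-Encoding header for a while and tally who sends chunked bodies. The `te_audit` log format, the log file name and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed temporary audit log (not from the page), using Apache's %{Header}i:
#   LogFormat "%h %t \"%r\" %>s \"%{Transfer-Encoding}i\"" te_audit
#   CustomLog logs/te_audit.log te_audit
LINE_RE = re.compile(
    r'^(?P<client>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) "(?P<te>[^"]*)"$'
)
# Pattern used by the RewriteCond quoted in the question.
RULE_RE = re.compile(r'^chunked$')

def audit(lines):
    """Return (Counter keyed by (client, method, path) for chunked requests,
    how many of those the quoted RewriteCond pattern matches, unparsed lines)."""
    chunked, rule_hits, unparsed = Counter(), 0, []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed.append(line)  # keep for manual review, never drop silently
            continue
        te = m.group("te")
        # Apache logs "-" when the header is absent; coding names are
        # case-insensitive and may be listed comma-separated.
        codings = [] if te == "-" else [c.strip().lower() for c in te.split(",")]
        if "chunked" in codings:
            path = m.group("path").split("?", 1)[0]  # group by endpoint
            chunked[(m.group("client"), m.group("method"), path)] += 1
            if RULE_RE.match(te):
                rule_hits += 1
    return chunked, rule_hits, unparsed

# Constructed sample lines in the assumed te_audit format.
SAMPLE = [
    '10.0.0.5 [12/Aug/2015:10:01:02 +0000] "POST /api/upload?id=7 HTTP/1.1" 200 "chunked"',
    '10.0.0.5 [12/Aug/2015:10:01:09 +0000] "POST /api/upload?id=8 HTTP/1.1" 200 "chunked"',
    '10.0.0.9 [12/Aug/2015:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 "-"',
    '10.0.0.7 [12/Aug/2015:10:03:30 +0000] "PUT /files/report HTTP/1.1" 201 "gzip, chunked"',
    'garbage line',
]

if __name__ == "__main__":
    chunked, rule_hits, unparsed = audit(SAMPLE)
    for (client, method, path), n in chunked.most_common():
        print(f"{n:5d}  {client}  {method} {path}")
    print(f"chunked requests: {sum(chunked.values())}, matched by rule: {rule_hits}")
    print(f"unparsed lines: {len(unparsed)}")
```

An empty tally over a representative period means the 400 rule should not break existing clients; any entries identify the callers and endpoints to check before enabling it.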
