CVE-2013-5704
CVE-2013-5704
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00004.htmlhttp://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2http://marc.info/?l=bugtraq&m=143403519711434&w=2http://marc.info/?l=bugtraq&m=144493176821532&w=2http://martin.swende.se/blog/HTTPChunked.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0325.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1249.htmlhttp://rhn.redhat.com/errata/RHSA-2015-2661.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0061.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0062.htmlhttps://access.redhat.com/errata/RHSA-2015:2659