PT-2013-5739 · Apache+6 · Apache Http Server+6

Publicado

2013-10-19

Atualizado

2024-06-15

CVE-2013-5704

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Apache HTTP Server version 2.2.22

Description The mod headers module in the Apache HTTP Server allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. The vendor states that this is not a security issue in httpd as such.

Recommendations For Apache HTTP Server version 2.2.22, consider disabling the mod headers module as a temporary workaround until a patch is available. Restrict access to the trailer portion of data sent with chunked transfer coding to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

ALT-PU-2015-1890

CESA-2015_0325

CESA-2015_1249

CVE-2013-5704

DLA-71-1

HPSBUX03337

HPSBUX03512

OPENSUSE-SU-2024:10268-1

RHSA-2014:1972

RHSA-2015:0325

RHSA-2015:1249

RHSA-2015:2659

RHSA-2015:2660

RHSA-2015_0325

RHSA-2015_1249

RHSA-2016:0061

SUSE-SU-2015:0689-1

SUSE-SU-2015:0974-1

SUSE-SU-2015_0974-1

USN-2523-1

Produtos afetados

Alt Linux

Apache Http Server

Centos

Hp-Ux

Red Hat

Suse

Ubuntu

PT-2013-5739 · Apache+6 · Apache Http Server+6

CVE-2013-5704

Identificadores relacionados

Produtos afetados

Referências · 218