PT-2013-5739 · Apache · Apache HTTP Server

Published: 2013-10-19 · Updated: 2024-06-15 · CVE-2013-5704

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server version 2.2.22

Description: The mod_headers module in the Apache HTTP Server allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. The vendor states that this is not a security issue in httpd as such.

Recommendations: For Apache HTTP Server version 2.2.22, consider disabling the mod_headers module as a temporary workaround until a patch is available. Restrict access to the trailer portion of data sent with chunked transfer coding to minimize the risk of exploitation.


Related Identifiers

ALT-PU-2015-1890
CESA-2015_0325
CESA-2015_1249
CVE-2013-5704
DLA-71-1
HPSBUX03337
HPSBUX03512
OPENSUSE-SU-2024:10268-1
RHSA-2014:1972
RHSA-2015:0325
RHSA-2015:1249
RHSA-2015:2659
RHSA-2015:2660
RHSA-2015_0325
RHSA-2015_1249
RHSA-2016:0061
SUSE-SU-2015:0689-1
SUSE-SU-2015:0974-1
SUSE-SU-2015_0974-1
USN-2523-1

Affected Products

ALT Linux
Apache HTTP Server
CentOS
HP-UX
Red Hat
SUSE
Ubuntu