CVE-2013-5704

Priority
Low
Description
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote
attackers to bypass "RequestHeader unset" directives by placing a header in
the trailer portion of data sent with chunked transfer coding. NOTE: the
vendor states "this is not a security issue in httpd as such."
References
Bugs
Notes
mdeslaur> check for r1610814, r1610686, r1610707
Assigned-to
mdeslaur
Package
Upstream:released (2.2.29,2.4.11)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.2.14-5ubuntu8.15)
Ubuntu 12.04 LTS (Precise Pangolin):released (2.2.22-1ubuntu1.8)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.4.7-1ubuntu4.4)
Ubuntu 14.10 (Utopic Unicorn):released (2.4.10-1ubuntu1.1)
Ubuntu 15.04 (Vivid Vervet):not-affected (2.4.10-8ubuntu2)
Patches:
Upstream:https://github.com/apache/httpd/commit/bd34b9d92894b7fc01810fc11a059fa30067e431#diff-381c180d963fb4507c77d80edb208224 (trunk)
Upstream:https://github.com/apache/httpd/commit/6688f9d102ad29d6bb4167d690ee495d709e47b6 (2.4.x)
Upstream:https://github.com/apache/httpd/commit/16e241ed9f0482acfda30b115227101744ccbc2c (2.2.x)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-03-10 16:14:59 UTC (commit 9177)