CVE-2013-5704

Priority
Low
Description
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote
attackers to bypass "RequestHeader unset" directives by placing a header in
the trailer portion of data sent with chunked transfer coding. NOTE: the
vendor states "this is not a security issue in httpd as such."
References
Bugs
Notes
mdeslaur> check for r1610814, r1610686, r1610707
Package
Upstream:released (2.2.28)
Ubuntu 10.04 LTS (Lucid Lynx):needed
Ubuntu 12.04 LTS (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 14.10 (Utopic Unicorn):needed
Patches:
Upstream:https://github.com/apache/httpd/commit/bd34b9d92894b7fc01810fc11a059fa30067e431#diff-381c180d963fb4507c77d80edb208224 (2.4.x)
Upstream:https://github.com/apache/httpd/commit/16e241ed9f0482acfda30b115227101744ccbc2c (2.2.x)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-10-23 21:17:51 UTC (commit 8644)