CVE-2013-5704

Priority
Low
Description
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote
attackers to bypass "RequestHeader unset" directives by placing a header in
the trailer portion of data sent with chunked transfer coding. NOTE: the
vendor states "this is not a security issue in httpd as such."
References
Bugs
Notes
mdeslaur> check for r1610814, r1610686, r1610707
Package
Upstream: released (2.2.29, 2.4.11)
Ubuntu 10.04 LTS (Lucid Lynx): needed
Ubuntu 12.04 LTS (Precise Pangolin): needed
Ubuntu 14.04 LTS (Trusty Tahr): needed
Ubuntu 14.10 (Utopic Unicorn): needed
Ubuntu 15.04 (Vivid Vervet): needed
Patches:
Upstream: https://github.com/apache/httpd/commit/bd34b9d92894b7fc01810fc11a059fa30067e431#diff-381c180d963fb4507c77d80edb208224 (trunk)
Upstream: https://github.com/apache/httpd/commit/6688f9d102ad29d6bb4167d690ee495d709e47b6 (2.4.x)
Upstream: https://github.com/apache/httpd/commit/16e241ed9f0482acfda30b115227101744ccbc2c (2.2.x)
More Information

Updated: 2014-11-18 15:14:12 UTC (commit 8735)