CVE-2013-5704
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.6469 (64.7%)
Percentil: 98.5%
EPSS: 2026-05-06
Afecta
apache:http_serverredhat:enterprise_linux_desktopredhat:enterprise_linux_eusredhat:enterprise_linux_serverredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_tusredhat:enterprise_linux_workstationredhat:jboss_enterprise_web_serverredhat:enterprise_linuxoracle:enterprise_manager_ops_centeroracle:http_serveroracle:linuxoracle:solarisapple:mac_os_xapple:mac_os_x_servercanonical:ubuntu_linuxDescripción técnica
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
Publicada: 15/4/2014, 10:55:11
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
- http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2
- http://marc.info/?l=bugtraq&m=143403519711434&w=2
- http://marc.info/?l=bugtraq&m=144493176821532&w=2
- http://martin.swende.se/blog/HTTPChunked.html
- http://rhn.redhat.com/errata/RHSA-2015-0325.html
- http://rhn.redhat.com/errata/RHSA-2015-1249.html